“Who is liable when cyber theft occurs?” is a featured question in the Spring 2023 edition of PLANADVISER magazine citing the cybersecurity responsibilities of retirement plan recordkeepers and sponsors to protect participants.
The article aims to educate readers on strengthening cybersecurity based on insight gained from the Disberry vs. Colgate-Palmolive Employee Retirement Income Security Act (ERISA) cybersecurity lawsuit in which over $750,000 was stolen from a retirement account.
The suit alleged that the recordkeeper, Alight Solutions, did not adhere to security protocols to prevent the theft and named the plan sponsor, Colgate-Palmolive, as well as the issuer of the distribution check, Bank of NY Mellon.
Fraudsters impersonating the plan participant contacted the recordkeeper to request a change of mailing address. It is believed that subsequent paperwork from the recordkeeper, which included a personal identification number, was intercepted, and then utilized by the bad actors to change the email address and phone number. In the weeks following, the fraudsters changed the participant’s login credentials and added a new bank account. While the recordkeeper did notify the participant with confirmation of the changes the notice(s) were received by the fraudsters leaving the rightful plan participant unaware of the activities. The fraudsters then withdrew the entire contents of the retirement account.
Brian Edelman contributed that “extra safeguards should be in place when first making a distribution to a new destination, such as a new bank account” and that “distribution to a new bank account should be considered high-risk, as opposed to a routine distribution to an existing account.” Edelman also remarked that a substantial amount of information was changed within a short time frame, which would be a red flag for investigation too.”
The cyber lawsuit and following industry discussion shines a spotlight on the need for cybersecurity safeguards and security policies to be in place and enforced by retirement plan fiduciaries.
PLANADVISER, with its reputation for editorial integrity, objectivity, and leadership, is the trusted information and solutions resource for America’s retirement benefits decisionmakers. With its powerful array of customer-driven marketing programs, PLANADVISER offers industry providers an unparalleled ability to reach this influential audience. With all of the changes within the retirement industry, plan sponsors and advisers rely on PLANADVISER magazine to help them stay informed of crucial issues and important new innovative solutions.