DiMeo Schneider & Associates, L.L.C. is now Fiducient Advisors


Cyber Attacks and Data Breaches: How Safe are Your Retirement Accounts?

April 11, 2020

By Brian White

Senior Consultant

Brian services institutional clients by providing advice and guidance on the manager search process, fund selection for portfolios and overall investment management. Brian is a member of the firm’s Defined …

The Facebook / Cambridge Analytica scandal, unearthed in March 2018, has heightened Americans’ awareness of privacy, data breaches and overall security. The London-based political consulting firm, which filed for bankruptcy two months later, compromised some 87 million Facebook users’ personal data and has left people concerned about how much of their personal information is floating around “out there.”

“Fraudsters” or “bad actors” (let’s call them what they are… CRIMINALS) have our data. In addition to the data that we knowingly disclose, there is even more personal information that is unknowingly shared or stolen through large-scale breaches. Target, Home Depot and Lord & Taylor are just a few retailers, in as many years, in addition to Experian, the credit reporting agency, whose data breaches have placed customers’ birthdates, Social Security numbers and credit card numbers on the dark web. There is enough information there for cyber criminals to do serious damage.

Technology, encompassing social, productivity and shopping apps, provides daily conveniences that could be difficult to live without in the 21st century. For these conveniences, users sacrifice privacy and personal data. The amount of data we relinquish, knowingly or, in most cases, unknowingly, is almost beyond comprehension. And how the data is to be used and protected is hidden in lengthy user agreements that we blindly accept.

For most Americans, our 401(k)/403(b) plan is our largest asset (outside of home ownership). So, how susceptible are 401(k)/403(b) plans to cyberattacks? It is not uncommon for many of the largest providers to experience as many as three million fraudulent attempts every day. Cyberattacks are a constant threat to retirement plan recordkeepers.


Qualified retirement plans, including 401(k)/403(b), have features built in to help restrict fraudulent access to retirement funds. For example, most plans do not allow in-service withdrawals when participants are under 59 ½, the normal retirement age. Recordkeepers, too, have safeguards in place to ensure unauthorized persons cannot direct that monies be transferred to a different account or mailed to a new address. Every year, the industry spends tens of millions of dollars to stay ahead of the increasingly sophisticated attacks.

The recent COVID-19 crisis has led to Congress passing the CARES Act. The CARES Act allows Plan Sponsors to adopt features to increase loan amounts and/or offer penalty-free withdrawals for those affected by COVID-19. This means that some of the typical red flags for requesting monies from a retirement plan (being under age 59 ½, for example) have been removed.

Security of retirement plan assets should not solely fall on the recordkeeper. Participants can (and should) take steps to thwart fraudulent attempts to access their retirement plans.

The most effective way for participants to take advantage of the recordkeepers’ built-in safeguards is to register their account online. The majority of retirement plan providers now offer dual authentication features that dramatically cut down the probability of fraudulent activity. In order for these features to work, the participant must have registered their account online. Those participants who are eligible for normal distributions but do not have access to their account online are the most susceptible.

In the event a participant reports that their identity has been stolen, you can walk them through the following checklist.

  • Change all passwords… and ensure they’re strong. There are a number of free or pay-for-service password management software applications available that encrypt strong, unique passwords for each site you visit. Dashlane, LastPass and Sticky Password are just a few.

  • Contact the Federal Trade Commission (FTC) and file a police report.

  • Put a freeze on credit. A credit freeze does not stop fraudulent attempts to access accounts, but it limits who can view your credit report. In the event an unauthorized person has your information and tries to establish a new line of credit, an issuer will not be able to view the credit history and will then be less likely to issue additional credit. This is typically offered at no cost to identity theft victims. Freeze the credit reports with all three credit rating agencies and know the thawing process.

  • Enroll in credit monitoring. These services will help track any new accounts that may be opened fraudulently. These services are also typically offered at no cost to identity theft victims.

  • Call the plan provider and notify them of the breach. Request additional layers of authentication and stricter requirements for disbursing funds.

For more information, www.identitytheft.gov is a great resource with steps to create and track a recovery plan to assist in the process. With one in four Americans having experienced some sort of identity theft, it is important to know it doesn’t have to be a debilitating experience.

At Fiducient Advisors, we have a team dedicated to reviewing recordkeepers to ensure the safeguards taken in cyber security are reasonable and up to industry standards. If you have questions, please contact any of the associates at Fiducient Advisors.
