Like anything else involved with money, 401(k) plans are being stalked by cyberthieves.
They want to get access to your plan so that they can steal money from it, also known as “unauthorized withdrawals” in industry parlance.
According to the Golan Christie Taglia LLC law firm, cybercriminals gain access through this modus operandi: “A participant submits an electronic benefit withdrawal request to the employer or the plan’s record keeper. The request is passed on to the plan’s custodian for implementation.”
“The custodian, as holder of the plan assets, then transfers the requested funds to the participant’s bank account. This is a routine transaction and the distribution has been implemented as intended.”
Although 401(k) theft is relatively rare, it’s an increasing problem. There are two pending federal lawsuits involving plan losses. How do you protect your retirement funds? Attorneys Matthew Wasserman and Andrew Williams suggest:
“Plan sponsors (employers) should consider their own cybersecurity protective measures and make sure that plan service providers have taken appropriate steps to secure the confidentiality of participants’ personal information.”
“Plan service providers may want to implement additional steps in processing plan withdrawal requests. Implementing an additional verification step could not only prevent cybercrime but also could establish a better defense based on the provider’s claim of non-fiduciary status.”
In plain language, ask your employer what cybersecurity measures they have taken to make it difficult for a third party to access your account. Two-factor verification (many online vendors offer this) is a good start.