GAO Report On Retirement Plans Warns of Hacking Risk!

Chicago-based Stoltmann Law Offices has represented investors who’ve suffered losses from dealing with broker-advisors who lost money in retirement plan investments. Hands down, one of the most secure things you own should be your retirement assets. Nobody should be able to pilfer them. But in the internet age, criminals are finding ways into company-sponsored plans.

The Government Accountability Office (GAO), the congressional watchdog agency, recently warned that retirement plans may be compromised by cybercrooks who break into programs like 401(k)s through the Internet. Why are cybercriminals going after these supposedly secure entities? Because that’s where the money is: As of 2018, there were 106 million people in private retirement plans that had more than $6.3 trillion in assets. The main issue with retirement plan security is that plan providers may share data with third parties. That may expose the plan to breaches. Since there’s little to no modern federal guidance how to protect this valuable information, that’s a huge threat.

Why is this information at risk? There are any number of ways that thieves can break in and steal valuable personal data. The GAO found that “personally identifiable information is shared throughout the chain of providers, starting at the plan sponsor and moving back and forth through third-party administrators, recordkeepers, custodians and payroll providers.” That means crooks may be able to take Social Security and bank account numbers.

The GAO stated that one cyberattack “at any point in the complex web of entities working together to administer a retirement plan could cause enormous losses of both personal information and plan assets, which could lead to identity theft or severe financial and other ramifications for plan participants.”

It’s not clear how responsible employers are – or what they are doing — to protect this information. Under federal law, they are named “fiduciaries” for these plans, which means they must act as legal guardians for safeguarding assets. They can be sued if their conduct falls below the standard of care. “A host of plan administrators share the personal information used to administer these plans via the internet, which can lead to significant cybersecurity risks,” the GAO reported. “In some cases, there is no federal guidance about how to mitigate these risks.”

According to ThinkAdvisor.com, “the GAO’s report urged the Labor Department to clarify whether fiduciaries are responsible for cybersecurity, and if so, issue guidance on minimum expectations for reducing cybersecurity risks.” In a stern warning to Congress, the GAO also emphasized that “until the U.S. Department of Labor formally clarifies plan fiduciaries’ responsibilities and provides minimum expectations related to cybersecurity, fiduciaries may not realize that they could be liable for losses they were obligated to prevent, such plans and their participants will continue to be vulnerable to financial losses and personal information breaches.”

Have you invested with employers or broker-advisers who have put your retirement funds at risk? FINRA and the SEC have strict rules on disclosing risk profiles on all investments sold by brokers and investment advisers. If they fail to fully inform you of downside risk, you may have a case in arbitration.

If you invested with a broker-advisor and lost money as a result, you may have a claim to pursue through FINRA Arbitration or through litigation. Please contact Stoltmann Law Offices, P.C. at 312-332-4200 for a free, no obligation consultation with a securities attorney. Stoltmann Law Offices is a contingency fee law firm which means we do not get paid until you do!