An Illinois district court issued a split decision in a case involving the cybertheft of retirement plan assets, allowing the plan administrator and plan sponsor to be dismissed, but requiring the recordkeeper to defend allegations that it breached its fiduciary duties under the Employee Retirement Income Security Act (ERISA). Bartnett v. Abbott Laboratories, et. al. (N.D. Illinois, Case No. 1:20-cv-02127) is one of several recent lawsuits filed against plan sponsors and recordkeepers for allowing cyber-thieves to pilfer large distributions from participants’ retirement plan accounts.
Heide Bartnett, a former employee of Abbott Laboratories (Abbott) and participant in Abbott’s 401(k) plan, alleges that a hacker accessed her 401(k) account online, changed the password, added a new bank account and requested a $245,000 distribution from the 401(k) plan’s recordkeeper, Alight Solutions LLC (Alight) to be deposited into the newly added account. The imposter also called Alight several times to ask questions about the distribution.