Cybersecurity: A Plan Sponsor Obligation

A recently filed lawsuit against a trust company serving as a 401(k) plan trustee, the second of its kind in the last few months, highlights the need for plan sponsor diligence in protecting participant data and accounts in an increasingly electronic world. We only have one side of the story so far, the allegations in the complaint, but the trustee is charged with permitting a thief to get almost $125,000 from the business owner’s account. This was done through phone, email and bank accounts not associated in the trustee’s records with the owner’s account. It took several weeks for the trustee to notify the business owner, and the trustee only did so when it received and prevented a second fraudulent distribution request. The trust company has not yet restored the account.

Continue reading “Cybersecurity: A Plan Sponsor Obligation”