An Evolving Threat to Your Retirement Account: Cyberattacks


From Birch Gold Group

On top of the various other challenges retirement savers already face, you now have another concern to consider: the possibility of a cyberattack.

Imagine if the life savings you set aside in your nest egg were drained with a couple of phone calls and control of your email account.

That’s precisely what happened in 2018 to a woman in her 50s who had $200,000 snatched from her 401(k) at Alight Solutions, according to the Gloucester Daily:

She went to Danvers police, who discovered that someone had called Alight pretending to be her and asked to add a Bank of America account to the 401(k) so that funds could be transferred out of the retirement account, Bellavia told Judge Thomas Drechsler.

But before the phone call had taken place, the criminals had already cleared the way to access the funds with a cyberattack:

Before adding the Bank of America account, Alight sent a “verification” code to the woman’s email. She later discovered that her email had been hacked, after colleagues on the board of a local nonprofit where she volunteers began receiving strange emails under her name, asking for money.

This particular incident, one that can happen to anyone at any time, highlights an inherent vulnerability with 401(k) plan administration. Fred Barstein at 401kTV explained the problem in more detail:

With a recordkeeper, plan sponsor in-house fiduciaries, a custodian, money-managers and third-party administrators all servicing a plan in different ways – there can easily be a breakdown when it comes to changing an account mailing address or where to wire account balances.

Barstein continues by shining a light on a potential underlying condition that enables cyberattacks, saying the retirement plan industry has quite a few “transaction-based service providers who want to get the current and next transaction completed and ‘off their desk’ or ‘off their computer screen’ as quickly as possible.”

As this specific case illustrates, fragmentation in the plan servicing process and impatience in processing transactions combine to create vulnerabilities that can be exploited.

And even though retirement accounts aren’t a primary target, this isn’t the only recent instance of a cyberattack. Some other examples:

  • In June of 2016, more than 90 retirement accounts in the City of Chicago were hacked, resulting in an estimated loss of $2.6 million and stolen personal information from 58 of those accounts.
  • In July 2016, a local grocery store union was the victim of a ransomware attack. “The information potentially affected include participants’ names, dates of birth and Social Security numbers, as well as bank account information for some individuals.”
  • On March 7, 2019, the FBI’s Cyber Division issued a Private Industry Notification that warned of a rise in cybercrime related to retirement and health spending accounts. The increase in these attacks has been noted since September of 2017, with particularly high levels of confirmed attacks occurring toward the end of 2018.

Retirement plans “are big targets and particularly susceptible to cyberattacks,” and employers should take steps to defend against these assaults, advised Neal Schelberg, a partner with law firm Proskauer Rose in New York City.

What you can do to start protecting your retirement account

With human beings involved in administration processes, your main line of defense is to periodically contact your plan administrator and check your retirement accounts.

Beyond that, there are a number of things you can do to make sure your account stays safe. The October 2018 issue of Greenleaf Trust Perspectives offers some tips you can consider adding to your cyber-threat prevention toolbox:

  1.  Use secure and complex passwords and store them safely.
  2.  Don’t access retirement accounts using shared computers or open WiFi networks.
  3.  Add email alerts to your account that notify you when important changes are made (like password changes, for example).
  4.  Be sure to regularly update your contact information with your retirement plan administrator (so you can be notified of a breach if it happens).
  5.  Use two-factor authentication when possible.

Also keep in mind that most 401(k) accounts have “built in protections” should an unauthorized individual try to transfer money. Nevertheless, there is pressure for enhanced security in the industry, since 401(k) plans total $6 trillion in the U.S.

In spite of these efforts, as you have just read, these security measures don’t always work. So it’s probably best to do your own due diligence.

Make Your Retirement Hack Proof

For the handful of criminals who know what they are doing, your retirement can be a big target. But you can make things a bit harder for them.

One way to guard your retirement against cyber criminals is to consider converting some of your financial assets into precious metals, which aren’t sitting on a computer waiting to be hacked.

While shoring up the security in your retirement, consider adding gold and silver to your asset diversification plan.
