Subscribe Now!
Free Daily News, Jobs, Webcasts, Discussions
Display and Distribute
Your Job Openings
COVID-19 News
COVID-19 Webcasts

Featured Jobs

Trust Funds Accountant

RFK Medical Plan/JDLC Pension Plan
(Keene CA)

Manager, Defined Contributions Administration

Definiti
(Telecommute / The Woodlands TX / University Place WA / Dallas TX / Erie PA / Canonsburg PA / West Palm Beach FL)

Defined Contribution Administrator

PACETPA
(Telecommute / Clovis CA / Las Vegas NV)

PACETPA logo

Director, Retirement Benefits

Wespath Benefits and Investments
(Telecommute / Glenview IL)

Wespath Benefits and Investments logo

Defined Benefits Combo Cash Balance Consultant

Loren D. Stark Company (LDSCO)
(Telecommute)

Loren D. Stark Company (LDSCO) logo

Defined Contribution Plan Administrator

401k America
(Telecommute / Chino CA)

Client Service Manager

July Business Services
(Telecommute / Waco TX)

July Business Services logo

5500 Specialist

401K Generation
(Altamonte Springs FL)

401K Generation logo

Senior Retirement Plan Administrator

Goldberg, Swedelson & Associates
(Telecommute / Encino CA)

Goldberg, Swedelson & Associates logo

Free Daily News and Jobs

“BenefitsLink continues to be the most valuable resource we have at the firm.”

-- An attorney subscriber

Mobile App image LinkedIn icon
Twitter icon
Facebook icon

View Coronavirus (COVID-19) News and Resources

<< Older News  |  December 4, 2020

News

All News > Cybersecurity

Get this news and more in our free daily email newsletters.
Protecting Retirement Plans from Credential Stuffing Attacks
Voya Link to more items from this source
Nov. 10, 2020

"There's a new type of cybersecurity threat on the rise ... called credential stuffing ... Cybercriminals rely on automated scripts to repeatedly enter illegally obtained usernames and passwords into customer-facing financial applications. Once they break into an account, they attempt to steal funds and data, and they may also gain access to the company's broader network."

Tags: 401(k) Plans  •  Cybersecurity  •  Retirement Plan Administration

DOL to Issue Guidance, Ramp Up Investigations on Cybersecurity
American Retirement Association [ARA] Link to more items from this source
Oct. 29, 2020

"The [DOL] is working on a guidance package addressing cybersecurity issues as they relate to plan sponsors and third-party providers ... Tim Hauser, Deputy Assistant Secretary for National Office Operations at [EBSA], also indicated that he expects to see more focus in the department's investigations on the adequacy of various cybersecurity programs, especially for large plans in terms of making sure the providers they hire are observing good cybersecurity practices."

Tags: Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

ERISA/Cybersecurity Considerations in the COVID Age
Foley & Lardner LLP Link to more items from this source
Oct. 21, 2020

"[The Plan] Committee must ensure that technical, physical, and administrative safeguards are in place and are designed to protect the confidentiality, integrity, availability, and resiliency of plan assets, and that such safeguards meet the Committee's legal obligations and industry standards.... A key factor in understanding potential liability will be determined by how the Committee responds to and manages any cyber-attack if, as, and when one occurs."

Tags: Coronavirus (COVID-19)  •  Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

Data Breaches and HIPAA Enforcement Remain Endemic Amidst the COVID-19 Pandemic
Health Law Advisor, Epstein Becker Green Link to more items from this source
Oct. 19, 2020

"[E]nterprise-wide risk analyses should account not only for PHI, but also for other personally identifiable information (PII). Nearly every organization will possess PII, ... with each bearing privacy and security obligations under a variety of federal laws and regulations specifically addressing cybersecurity practices. Organizations must also be mindful of state and local requirements concerning cybersecurity[.]"

Tags: Coronavirus (COVID-19)  •  Cybersecurity  •  HIPAA  •  Retirement Plan Administration

Who You Gonna Call? Implementing a Cybersecurity Breach Communication Plan
Segal Link to more items from this source
Oct. 12, 2020

"What's the difference between an incident response plan and a communication plan? ... Invest in your help desk, the first line of defense ... Let people know that you're on top of it ... Know when and how to escalate your response ... Letting the world know what's happened ... You can't resolve your cybersecurity breach without communication."

Tags: Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

Third Party Administrator May Be Held Liable for ERISA Fiduciary Breach and Consumer Fraud Following Plan Data Breach
The Wagner Law Group Link to more items from this source
Oct. 9, 2020

"The opinion ... raises important questions -- not just about the scope of a TPA's ERISA fiduciary liability for distributing plan benefits that end up in a cyber criminal's pocket -- but whether ERISA plan TPA's can be sued for both ERISA fiduciary breach claims and state law consumer fraud claims resulting from the same alleged misconduct: the failure to enact cybersecurity procedures that prevent the theft of plan assets.... Liability both under ERISA and state law could lead to double or alternative recoveries for plan participants, and subject plan fiduciaries to state consumer fraud statutes that allow for compensatory and punitive damages." [Bartnett v. Abbott Laboratories, No. 20-2127 (N.D. Ill. Oct. 2, 2020)]

Tags: Cybersecurity  •  Fiduciary Duties  •  Retirement Plan Administration

Abbott Defendants Are Dismissed from Cybertheft Lawsuit -- at Least for Now
Cohen & Buckmann, P.C. Link to more items from this source
Oct. 8, 2020

"The plaintiff named Abbott Labs as a defendant, but the court dismissed these claims on the ground that plaintiff did not show that Abbott Labs acted as a fiduciary or was identified as a fiduciary in the plan document.... The court refused to dismiss allegations that an Illinois consumer protection statute was violated, finding that the state law was not preempted by ERISA. Alight may have committed an unfair business practice as defined in that law when Alight failed to implement security practices that would have prevented the theft, failed to protect personal information or to notify plaintiff promptly of changes to her account." [Bartnett v. Abbott Laboratories, No. 20-2127 (N.D. Ill. Oct. 2, 2020)]

Tags: Cybersecurity  •  Fiduciary Duties  •  Retirement Plan Administration

Protecting 401(k) Participants from Fraud in Turbulent Times
401(k) Specialist Link to more items from this source
Oct. 8, 2020

"The combination of the work-from-home model most workers are experiencing, coupled with the anxiety and emotional distress retirement plan participants could be feeling given market volatility and job losses related to the pandemic, provides a ripe target.... Here are several tips plan sponsors can share with participants to promote fraud prevention."

Tags: CARES Act  •  Coronavirus (COVID-19)  •  Cybersecurity  •  Retirement Plan Administration

Abbott Escapes Retirement Plan Cybersecurity Suit
planadviser Link to more items from this source
Oct. 6, 2020

"A federal judge found Abbott defendants were not fiduciaries with regard to the alleged acts, but claims against Abbott's retirement plan recordkeeper were allowed to stand." [Bartnett v. Abbott Laboratories, No. 20-2127 (N.D. Ill. Oct. 2, 2020)]

Tags: Cybersecurity  •  Fiduciary Duties

The Wagner Law Group Asks DOL for Cybersecurity Guidance
The Wagner Law Group Link to more items from this source
[Opinion]
Oct. 6, 2020

"A number of legal questions remain unanswered and there is an acute need for comprehensive guidance from the DOL. These questions include: [1] what is the specific personal and/or confidential participant information that must be safeguarded by plan fiduciaries; [2] what standard of care applies to the protection of participant personal information; [3] what is the plan administrator's responsibility with respect to disclosing to participants the unauthorized appropriation of participant information; and [4] whether state cybersecurity, privacy, consumer protection or other laws are pre-empted by ERISA."

Tags: Cybersecurity  •  Retirement Plan Administration

Cybersecurity More Effective If Regularly Reinforced
American Retirement Association [ARA] Link to more items from this source
Oct. 6, 2020

"[R]esearchers who studied 409 employees found that they were able to identify which emails were legitimate and which were phishing immediately after a security awareness and education program was conducted, and even four months after. But after half a year had elapsed, that was not the case.... The researchers then developed 'reminder measures' to refresh employees' knowledge and awareness.... [T]he interactive reminder measure and the one entailing a video were the most effective[.]"

Tags: Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

Second-Largest HIPAA Fine Paid by Premera Blue Cross for 2014 Breach
FierceHealthcare Link to more items from this source
Sept. 28, 2020

"During the breach, which went undetected for nearly nine months ... a hacker had unauthorized access to the Premera network containing 10.4 million individuals' protected health information including their names, addresses, dates of birth, email addresses, Social Security numbers, bank account information and health plan clinical information, according to HHS. The hackers used a phishing email to install malware that gave them access to Premera's IT system."

Tags: Cybersecurity  •  HIPAA

Are Cybercriminals Stalking Your 401(k) Plan?
Benefits Law Group of Chicago Link to more items from this source
Sept. 17, 2020

"At least two pending federal cases deal with attacks on individual 401(k) plan accounts. The fact patterns are similar: a participant submits an electronic benefit withdrawal request to the employer or the plan's record keeper. The request is passed on to the plan's custodian for implementation.... Implementing an additional verification step could not only prevent cybercrime but also could establish a better defense based on the provider's claim of non-fiduciary status."

Tags: 401(k) Plans  •  Cybersecurity  •  Retirement Plan Administration

Cybersecurity Risk Considerations for 401(k) Plans
The CPA Journal Link to more items from this source
Sept. 8, 2020

"Many 401(k) plan sponsors mistakenly believe that when they delegate responsibilities to a record-keeping service provider, they have no liability for cybersecurity breaches.... [C]ase law is developing that should motivate plan sponsors to satisfy their fiduciary duty to enact prudent procedures and safeguards to protect plan assets and plan data."

Tags: 401(k) Plans  •  Cybersecurity  •  Retirement Plan Administration

Editor's Pick Best Practices for ERISA Fiduciary Responsibilities and Cybersecurity for Retirement Plans (PDF)
Epstein Becker Green, via Thomson Reuters Practical Law Link to more items from this source
Aug. 3, 2020

"Fiduciaries ... must: [1] Act prudently in responding to a breach of their plan participants' [protected health information (PHI)] and [personally identifiable information (PII)]. [2] Consider developing prudent policies and procedures for handling, collection, transmission, security and storage of all PII, data, and PHI. [3] Consider developing third-party procedures and notification and remediation measures for breaches of their plan participants PHI and PII.... This Note provides guidance for plan fiduciaries of retirement plans to develop prudent policies and procedures to secure information and data."

Tags: Cybersecurity  •  Retirement Plan Administration

CDC Revises Guidance for Discontinuing Home Isolation
Ogletree Deakins Link to more items from this source
[Guidance Overview]
July 23, 2020

"As the symptom-based strategy is the preferred strategy in many states and for many employers, this change to the CDC's guidance potentially shortens the period of time employees will need to remain out of work after testing positive for COVID-19 or developing clinically compatible symptoms. The CDC continues to adjust these guidelines based on emergency data on the virus."

Tags: Cybersecurity  •  FFCRA  •  FMLA and Other Leave

Prevent Cyber Theft of Plan Assets Before It's Too Late
ORBA Link to more items from this source
July 23, 2020

"Plan sponsors can protect themselves and plan participants by ... [1] Identifying (and halting) suspicious distribution requests.... [2] Monitoring other fiduciaries' distribution processes, protocols and activities to remain educated about the state of the art of participant protection. [3] Performing additional due diligence regarding service providers' accounting safeguards such as segregation of duties and personnel background checks. [4] Purchasing cyber theft insurance to help make a victimized plan participant whole and dissuade the plan participant from resorting to litigation to seek restitution."

Tags: Cybersecurity  •  Retirement Plan Administration

Alleged Boeing Retirement Plan Fraudster Charged in California
PLANSPONSOR; free registration may be required Link to more items from this source
July 21, 2020

"According to the indictment, from January 2019 to June 2019, [the individual allegedly] obtained the personal identifying information of various Boeing employees, along with information about their retirement accounts. He then allegedly made fraudulent withdrawal requests for checks and electronic money transfers totaling hundreds of thousands of dollars, the indictment claims."

Tags: Cybersecurity  •  Retirement Plan Administration

Recent Cybersecurity Decision Highlights Potential Claims Against Plan Sponsors
Cohen & Buckmann, P.C. Link to more items from this source
July 15, 2020

"A key difference from the facts stated in other cybertheft lawsuits is that the participant here was a co-trustee of the plan. He was also a principal in the firm that both sponsored the plan and was listed in the plan document as the plan administrator." [Leventhal v. MandMarblestone Group, LLC, No. 18-2727 (E.D. Penn. May 27, 2020)]

Tags: Cybersecurity  •  Fiduciary Duties  •  Retirement Plan Administration

Risk for Cyberattacks Heightened as Remote Work Continues
PLANSPONSOR; free registration may be required Link to more items from this source
July 13, 2020

"[A]side from a hacker stealing money, there's the drawback that defined contribution plans have an extensive amount of sensitive employee data shared through multiple channels. This distribution of information faces greater risk as plan professionals and participants access unsecured networks at home without proper security protocols."

Tags: Coronavirus (COVID-19)  •  Cybersecurity  •  Retirement Plan Administration

Plan Sponsor and Service Provider Submit Motions to Dismiss in Response to Data Breach Suit
The Wagner Law Group Link to more items from this source
July 9, 2020

"Further demonstrating the lack of clarity on who is liable when a plan suffers a data breach, on June 30th, Abbott Laboratories and Alight Solutions, pointed fingers at each other in dueling motions to dismiss a complaint that alleged both were fiduciaries in connection with a plan data breach that stole $245,000 from a participant's plan account. The Northern District of Illinois will now have to decide if, based on the complaint's allegations, either Abbott or Alight (or both) could have [1] fiduciary responsibility with respect to the theft of funds from the participant's account and whether [2] the plan participant has pled a plausible claim of fiduciary breach." [Bartnett v. Abbott Laboratories, No. 20-2127 (N.D. Ill. complaint filed Apr. 3, 2020)]

Tags: Cybersecurity  •  Fiduciary Duties

Best Practices for Plan Sponsors to Address Cybersecurity Concerns (PDF)
The Wagner Law Group Link to more items from this source
July 1, 2020

"The procedures many plan sponsors, third-party administrators, and record keepers currently have in place to exchange data or manage and verify participant withdrawals may no longer be prudent or feasible. Because of the urgency in dealing with this problem, the time is now for plan sponsors, plan fiduciaries and plan service providers to address and reevaluate cybersecurity concerns -- to ensure they and their participants will not fall victim to fraud, hacking or phishing schemes."

Tags: Cybersecurity  •  Retirement Plan Administration

401(k) Plans Beware: Identity Fraud Is Headed Your Way
American Retirement Association [ARA] Link to more items from this source
June 24, 2020

"[Consumer] account takeovers -- where a criminal gains unauthorized access to an online account belonging to someone else -- are trending at the highest loss rate, up 72% over the previous year. This is due in large part to technological advancements that have made it easier for criminals to manipulate and socially engineer information, while making it harder to detect account takeovers without additional security infrastructure."

Tags: Cybersecurity  •  Retirement Plan Administration

Coping with the Increase in 401(k) Cyberattacks and Fraudulent Plan Distributions
Greenberg Traurig Link to more items from this source
June 19, 2020

"The heightened level of plan distributions coupled with the security risks associated with electronic communications and the 'new normal' of working remotely, sometimes on personal computers, may increase the exposure of participants' confidential and personal data to cybercriminals.... Monitoring of the cybersecurity controls of third-party service providers, particularly the plan administrator, should occur on a regular basis and should be documented and involve experts if necessary."

Tags: 401(k) Plans  •  Cybersecurity  •  Retirement Plan Administration

Cybersecurity Considerations for Retirement Plan Fiduciaries
Thompson Hine, via Lexology; free registration required Link to more items from this source
June 1, 2020

"[P]lan administrators should ensure that the technical, physical, and administrative safeguards they have implemented to protect the confidentiality and integrity of plan assets satisfy basic legal requirements and meet industry security standards. Here are five areas that can serve as a starting point for a cybersecurity review in the retirement plan context[.]"

Tags: Cybersecurity  •  Retirement Plan Administration


<< Older News  |  December 4, 2020

© 2020 BenefitsLink.com, Inc.