Cybersecurity Alert: Beware of Hacks to Your 401(k) Plan


Reports of major data breaches at large corporations are becoming commonplace — from the 500 million Marriott International customers whose personal information was stolen by hackers to the 148 million consumers who were victimized in the 2017 Equifax data breach.

Now there’s a new data security threat to be aware of: Hacks into your retirement savings account. Some retirement savers have been victimized by thieves who were able to obtain enough personally identifiable information to transfer money out of their accounts, literally wiping out their retirement savings.

How the Scam Works

Here’s how such a scam usually works: A hacker obtains a saver’s personally identifiable information — such as his or her Social Security number, birthdate and address — on the dark web. Using this information, the hacker contacts the plan provider posing as the saver and asks to have money in the retirement account transferred to a different savings account.

If the thief has enough personal information to convince the phone rep that he really is the saver, the funds transfer is likely to go through. This is exactly what happened at one large plan provider last year, where a number of participants’ retirement accounts were breached in this way.

Cybercrime experts say that this is a new type of cyber threat that didn’t really exist just a few years ago. In response, some plan providers are stepping up their efforts to detect and prevent theft of participants’ retirement savings funds.

For example, some retirement plan recordkeepers are joining together in the fight by anonymously sharing information with each other about cyberattacks they’ve experienced. This includes where the attacks are originating from and the hacking methods used by thieves. They are using the shared information to work on building effective defenses to guard plan participants’ retirement savings.

Unfortunately, there is no federal insurance program to reimburse participants who are victimized by this type of cybercrime, nor are there any industry policies regarding reimbursements. But so far, most plan providers have been stepping up to provide full reimbursement of any retirement funds that are stolen by hackers in this way.

How to Protect Your Assets

Given the rising risk of this type of cybercrime, it’s smart to be proactive in guarding your retirement assets from theft by hackers. Here are a few ideas:

  1. Keep a close eye on your retirement account. Go over your monthly statements (both paper and electronic) carefully, instead of just ignoring them. The sooner you spot any unauthorized distributions, withdrawals or loans, the faster you can take action to get your money reimbursed and shut down the fraudulent activity.
  2. Learn about your plan’s distribution policy. Some retirement plans don’t allow employees who are still working or haven’t yet reached retirement age to make distributions. And those that do often require participants to fill out extra paperwork, which can help deter thieves.
  3. Choose multi-factor authentication. Two-factor authentication won’t be effective if the thief has access to your email account and cell phone number. Instead, opt for multi-factor authentication that uses more than two sources to verify that you are who you say you are when requesting distributions from your account.
  4. Practice good password security. Choose a strong password for access to your retirement account that uses a good mix of upper and lower case letters, numbers and special characters. Also be sure to change your password periodically, such as twice a year.
  5. Watch out for phishing emails. These emails, designed to trick savers into giving away personally identifiable information and opening dangerous attachments, are getting more sophisticated and harder to spot, even for experienced cybersecurity pros. Never click on links or open attachments in any email if you’re not 100 percent sure about the identity of the sender.
  6. Don’t use unfamiliar WiFi networks. Many public WiFi networks don’t have robust security. Therefore, it’s usually not a good idea to use such networks to access your retirement account online.

Please give us a call if you have any questions about the security of your retirement savings and what you can do to keep them safe.



The commentary is limited to the dissemination of general information pertaining to Frontier Wealth Management, LLC’s (“Frontier”) investment advisory services. This information should not be used or construed as an offer to sell, a solicitation of an offer to buy or a recommendation for any security, market sector or investment strategy. There is no guarantee that the information supplied is accurate or complete. Frontier is not responsible for any errors or omissions, and provides no warranties with regards to the results obtained from the use of the information. Nothing in this document is intended to provide any legal, accounting or tax advice and Frontier does not provide such advice. This information is subject to change without notice and should not be construed as a recommendation or investment advice. You should consult an attorney, accountant or tax professional regarding your specific legal or tax situation.