Citing data breaches in several industries, the US Government Accountability Office on Monday called on the Department of Labor to step up protection for investors in retirement plans against the growing threat of cyber theft.

In a report on the cybersecurity of the country's private pension industry, the congressional authority recommended that the Department of Labor, which regulates 401(k) and other retirement plans, clarify that employers and administrators acting as trustees of 401(k) plans are legally responsible for protecting subscribers' private information and savings from online theft.

The GAO also urged the Department of Labor to establish standards to guide retirement plans in protecting 401(k) accounts.

Until the Department of Labor takes such steps, “participants’ data and assets will remain at risk,” the report said. “It has become imperative that industry and government prevention and mitigation efforts evolve to keep up with these threats.”



Labor Department officials declined to comment.

In the report, Labor Department officials told GAO investigators that they believe cybersecurity is a major concern for retirement plans and that the department plans to issue guidelines to 401(k) sponsors and administrators for protecting 401(k) participants from breaches.

There is little data on 401(k) breaches.

Those who work in the retirement industry have said it has seen an increase in online theft of both the personal information and the savings of 401(k) participants over the past few years.

About $11.3 trillion is in individual retirement accounts, and 401(k)-like accounts hold $9.3 trillion.

Recent legal proceedings, in which hundreds of thousands of dollars were allegedly stolen from three people in separate 401(k) plans, highlight the risks to workers and retirees.

While 401(k) record keepers generally promise to reimburse consumers for such losses, there are no guarantees, and some participants have sued employers and record keepers to seek reimbursement.

According to the GAO report, the data that employers and 401(k) service providers share electronically, including participants’ Social Security numbers, addresses, and dates of birth, is a major vulnerability.

In some cases, the report says, insiders employed by 401(k) plan sponsors have committed these crimes.

A patchwork of federal laws and regulations governs cybersecurity responsibility in 401(k) plans, the report said. However, individual laws may not apply to all parties involved in administering the plans.

The 1974 Federal Retirement Income Protection Act governing 401(k) plans was enacted before the Internet. As a result, questions, including who bears the risk of cyber-theft-related losses, remain unclear, according to a 2019 letter from Rep. Bobby Scott (D., Va.) and Sen. Patty Murray (D., Wash.) to the GAO requesting the report.

In a statement, Senator Murray said, “This report affirms that cybersecurity and retirement protection go hand in hand, and it is time to make sure we have policies that reflect that reality.”

Write to Anne Tergesen at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.

Published in the print edition of March 16, 2021 as “Protective measures for old-age provision against cyber-robbery”.