SHRM says 401(k) info could be targeted

The Equifax hack has shown not just how easy it can be for the bad guys to get hold of personal information from major repositories like the Equifax database, but also highlights the need for employers to be aware that such hacks put employees’ personal data at risk.

In particular, 401(k)s could be targeted by those who managed to snatch the information, according to the Society for Human Resource Management.

It points out in a report that Equifax is by far not the only holder of sensitive information that could be used and abused by cybercriminals. In fact, last year the Chicago Tribune reported that the retirement accounts of 91 municipal employees had been breached.

The cybersecurity incident at consumer credit reporting agency Equifax, announced September 7, affected 143 million U.S. consumers, according to Edward McAndrew, an attorney with Ballard Spahr in Philadelphia and former cybercrime prosecutor for the Department of Justice.

The information accessed and now compromised includes names, Social Security numbers, birth dates, addresses and in some instances driver’s license numbers, as well as other information such as credit card numbers.

That can put an employee’s entire financial—and even health—life at risk, if cyberthieves target retirement plan assets and health insurance coverage.

However, while accounts need to be monitored going forward (they should be anyway), employees needn’t assume that just because of the Equifax hack 401(k)s are more vulnerable than before.

That’s according to Robert Siciliano, CSP, CEO of in Boston, who says in the report that “it’s a leap” to think that way. He says that using multifactor authentication — that is, requiring the user to present several pieces of evidence to prove their identity — to access a retirement plan account is a good idea, noting that it has been a practice recommended by the U.S. Federal Financial Institutions Examination Council since 2005.

Continue Reading