When Your 401K Gets Hacked

When Bill Foster’s 401K account was emptied and he lost over $40,000 he did what a lot of us might do: he sued the company managing his funds.  But the verdict was rendered a few months ago: the company is not responsible.  It’s his fault since he failed to file a change of address, and someone else used the information she received (by snail mail, at his old address) for accessing his account.

In another case in 2007 a man lost $179,000.  He was hacked by a cybercriminal, but it was also concluded there was no liability on the part of the fund company.  Fortunately for him, investigators were able to recover the funds before they were wired out of the country.  Unfortunately for the rest of us, cybercriminals are much smarter today than they were in 2007.

In the first instance, Bill had moved out of his home a few months before the 401K fund managers sent a letter to his home with details on how to access his accounts.  His estranged (soon to be ex) wife opened the letter and used his Social Security number to reset his password and receive a new pin.  Bill only discovered she had drained his account the following year.  Although clearly his ex-wife’s actions were fraudulent, Bill is considered liable because he did not follow “fund policy” (those rules written in micro-Sanskrit at the bottom of the documents we receive from fund managers) and request a change of address as soon as he moved.

Seriously: this is the basis of a judgment involving the loss of $40K in assets.  Bill neglected to file a change of address.

Over the weekend I was shredding old documents as I thought about the case.  I couldn’t help but notice how cavalier we were ten years ago about Social Security numbers!  They were often printed on every page of documents which were merely meant to uniquely identify us.  There was no thought about how many hands the docs might pass through or what a person acquiring the number might do with it.  And remember when our credit card companies stopped putting the full account number on statements which were mailed?  Old statements have every digit on every page.  Ah, the good old days before the cybercrime explosion…in retrospect, we were so carefree.

So here’s my tip of the day: consider where all your old documents are and who has access to them, whether they are in print form or electronic.  This is especially important for accounts which haven’t changed in years (as is true for many IRAs and 401Ks), because if those documents fall into the wrong hands it could really cost you.  Shred everything you don’t need and keep the rest safely stored away.  And if you dissolve a romantic or professional relationship with a person who: a.) knows your Social Security number; b.) knows your home address; and c.) is the slightest bit ethically-challenged, be sure to change all your passwords and add additional security criteria on all your retirement accounts.



Tags: , , , , , ,

One Response to “When Your 401K Gets Hacked”

  1. Deb Atwood says:

    Scary stuff! Great advice, thanks.

Leave a Reply