Compliance May 23, 2023

Participant Data Breach Hits Retirement Clearinghouse

The clearinghouse alerted more than 10,000 people that private information, including IRA account data, may have been stolen.

Reported by

Retirement Clearinghouse LLC, an industry leader in driving forward the automatic portability of retirement plans, has alerted more than 10,500 individuals that their personal data, including individual retirement account numbers, may have been compromised.

The organization alerted individuals with written notice, dated May 12, that their information may be at risk for fraud, according to public filings in the states where they are located.

For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter.

“We identified that between March 15 and 16, 2023, a small number of files were at risk of access without authorization,” the firm wrote in the letter. “Because of this, we took measures to ensure the security of the files and notify potentially affected individuals about this matter.”

According to the firm, the files included people’s names, Social Security numbers and IRA account numbers held by Matrix Trust Co., a division of Broadridge Financial Solutions that provides services including IRA administration, rollovers and third-party administration recordkeeping. The letter sent by Charlotte, North Carolina-based Retirement Clearinghouse offered a complimentary, three-month membership to an identity protection product to help monitor identity theft or fraud.

“The phishing incident did not affect the network that the firm is establishing with large retirement recordkeepers to reunite small 401(k) balances with their owners,” Retirement Clearinghouse CEO Spencer Williams said in an emailed statement.

Broadridge wrote in a statement that it is “coordinating with Retirement Clearinghouse in their efforts to inform all impacted individuals of this situation and the services being offered to protect their data.”

Ignites first reported the breach notifications.

Protection of consumer information within retirement savings plans has been a key focus for the industry in recent years, with the Department of Labor’s Employee Benefits Security Administration issuing cybersecurity guidance, tips and best practices regarding retirement benefits in April 2021. The SPARK [Society of Professional Asset Managers and Recordkeepers] Institute has also been focused on improving cybersecurity in the space, including a November 2022 plan sponsor and adviser guide to cybersecurity best practices.

“We see the cyber breaches across our lives almost every day; we have, in fact, gotten immune to new news,”  says Jay Gepfert, CEO of DOL Cybersecurity LLC, which provides third-party evaluation of the DOL’s cybersecurity guidelines.

Gepfert notes that there are two levels of potential breaches: a “breach by the recordkeeper directly” and a “breach into an account due to participant fault.” He notes that his firm’s research shows that more than 75% of breaches come from individual human error, usually due to one of the various methods to gain access being compromised.  

“Most of the large, national recordkeepers have for years spent large amounts of money on their cyber systems and procedures,” Gepfert says. “This includes both from a technical perspective and training of employees on how to handle the expanding volume of attempts to gain access. … The real weak point for gaining access is through employees and participants.”

The Retirement Clearinghouse’s auto-portability network has brought together retirement recordkeepers, retirement solutions providers and plan sponsors to improve auto-portability among retirement plan participants and reduce savings leakage. The network includes financial firms such as Empower, Fidelity Investments, TIAA and Vanguard and represents about 62 million workers and 139,000 employer-sponsored retirement plans.

The clearinghouse “involves collecting information about the individuals from organizations to facilitate the transfers,” the Retirement Clearinghouse wrote in the letter notifying impacted individuals.

According to the public filings, Retirement Clearinghouse saw suspicious activity on one email account on March 15 and 16 and alerted the organization most likely to be affected by the breach. After an investigation, Retirement Clearinghouse reported the breach and began contacting participants with the offer of complimentary use of Experian’s IdentityWorks product to detect and resolve identity theft. The firm also provided the individuals with information on how to place a fraud alert and credit freeze on their finances and with contact details for national consumer reporting agencies.

The states involved in the breach included Maine, Maryland, New York, North Carolina and Rhode Island, as well as Washington, D.C., according to the public filings.

The Retirement Clearinghouse also wrote in the letter that it is “evaluating additional safeguards to mitigate recurrence of this type of event.”

Retirement cybersecurity expert Gepfert notes six key tactics to help people avoid becoming part of the 75% of human mistakes that let in bad actors. They are: changing privacy settings on phones and computers; keeping software applications and operating systems up-to-date; creating strong passwords; using two methods of verification; learning about phishing email scams; and not sharing login information with other individuals.

Gepfert expects more cybersecurity guidance on retirement plan protection coming from the DOL in the near future. That is in part because plan sponsors are still in the process of reacting to the initial guidance, and further nudges may be needed for the guidance to “run downhill.”

Benefits May 23, 2023

Major Savings Barriers Include Benefits Language, Financial Stress

Unclear communication from plan sponsors too often gets in the way of participants fully understanding the benefits available to them. 

Reported by

While many workers feel positive about the benefits offered to them in the workplace—from medical insurance to retirement savings—a majority of employers face challenges educating participants about their benefits, according to a recent report. 

A two-thirds majority of employers (68%) said workers underutilize the services, benefits and programs available to them, according to The Hartford Financial Services Group Inc.’s 2023 “Future of Benefits Report,” which surveyed 500 employers and 1,100 U.S. workers. 

Never miss a story — sign up for PLANSPONSOR newsletters to keep up on the latest retirement plan benefits news.

In the report, The Hartford argued that there is a distinct need for better benefits education and resources to support workers’ overall wellness.  

Communications Barrier 

Even though 92% of employers surveyed said it is important to help employees realize that benefits offered are applicable to them, younger workers often feel that certain benefits offered are not meant for them. For instance, 62% of Generation Z respondents said they felt long-term disability insurance was not meant for them. 

In addition, 57% of employers said educating workers about benefits is a challenge. That number, however, is down from 76% of employers in 2022, which the report attributed partly to challenges communicating with employees during the COVID-19 pandemic.  

The report also found that many employees feel the complex wording used to describe benefits is a barrier to employees fully understanding what is available to them. For example, 38% of workers said the names and descriptions of employee benefits are confusing, and 61% of employers agreed that the names and descriptions used to identify employee benefits can be confusing to workers. 

In the same vein, 49% of employers said they believe their employees do not understand the supplemental benefits offered by the company and what those benefits cover. Supplemental benefits are additional insurance plans offered by the employer, such as short-term disability insurance or accident insurance.  

Some 42% of surveyed workers expressed support for improved resources to help them understand their benefits, and The Hartford report recommended that plan sponsors use storytelling techniques to demonstrate how specific benefits are relevant to an employee’s unique lifestyle. In addition, the report encourages workers to re-evaluate their benefit options each year, as changes in their life circumstances may alter what benefits they need.  

Megan Yost, a senior vice president and engagement strategist at San Francisco-based HR and benefits communication firm Segal Benz, previously told PLANSPONSOR that one of the best ways for plan sponsors to build trust with employees is to “be direct and communicate frequently.” In the absence of communication, Yost said participants sometimes create their own stories about what might be happening in the organization. 

Financial Stress and Mental Health 

Workers consumed by their own financial stress may also require more education from plan sponsors on how to better plan for retirement, manage debt and establish a savings plan. 

In The Hartford’s survey, 23% of workers said they feel very stressed when thinking about their household finances, and 16% said they feel extremely stressed. The latter had the highest rate among Millennials (38%), compared to Generation X (31%), Baby Boomers (29%) and Generation Z (28%), in this survey.  

Additionally, 30% of all workers said financial health always or almost always affects their productivity at work. 

Other evidence of the impact stress has on work came in a survey released Tuesday by Financial Finesse, a provider of workplace financial wellness coaching programs. “Workplace Financial Wellness in America found that the number of employees reporting unmanageable financial stress climbed 34% in 2022, fueled by workers’ concerns about both the U.S. economy and their ability to maintain control over their financial situations.  

The report was based on responses from 34,168 employees who interacted with Aimee, Financial Finesse’s artificial intelligence-powered virtual financial coach, between April 1, 2021 and December 31, 2022. 

Single parents reported experiencing unmanageable financial stress most frequently (57%), followed by single adults with no children (28%) and married parents (23%).  

However, employees who engaged with any kind of financial coaching had a higher rate of accomplishing certain goals, according to Financial Finesse. For example, 89% of employees who adjusted their spending to save more for retirement are now saving enough to receive their employers’ full retirement match.  

In terms of financial education, a majority of workers (57%) in The Hartford’s survey said they would most welcome education on retirement planning. More than one-third of workers also said they were most likely to look for financial advice resources from their employers when planning for retirement.  

The Hartford also advised plan sponsors to educate workers about how certain employee benefits can help protect employees’ paychecks when they are faced with an unexpected illness or any sort of emergency. 

“Demonstrate to your workforce that you care about their overall wellness and foster a work environment in which workers feel comfortable seeking help when needed,” the report stated.  

The Hartford’s study was conducted between February 14 and February 28. The survey was completed by HR professionals who manage/decide employee benefits at the employers’ firms, and the workers surveyed were actively employed. 

«