Parties In Suit About Estee Lauder 401(k) Account Data Breach Announce Settlement

Details of the settlement in the first case of its kind to call into question the cybersecurity defenses a plan sponsor and its providers had in place for retirement account fraud have not yet been revealed.

A former participant in the Estee Lauder 401(k) plan—who sued the plan sponsor and plan providers for failing to safeguard her retirement account—the plan’s recordkeeper Alight Solutions (formerly Aon Hewitt) and Estee Lauder have filed a Notice of Settlement in the U.S. District Court for the Northern District of California.

The notice says the parties will require several weeks to formalize their settlement and complete certain actions required by the agreement. They expect to be in a position to dismiss the case no later than April 10.

For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter.

The case was the first of its kind to call into question the cybersecurity defenses a plan sponsor and its providers had in place for retirement account fraud. According to the complaint, in September and October 2016, an unknown person or persons stole the participant’s retirement savings by withdrawing a total of $99,000 in three separate unauthorized distributions from her account in the plan.

The lawsuit claims that the defendants breached their fiduciary duties of loyalty and prudence by causing or allowing the unauthorized distributions of plan assets; failing to confirm authorization for distributions with the plan participant before making distributions; failing to provide timely notice of distributions to the plan participant by telephone or email; failing to identify and halt suspicious distribution requests, such as requests for multiple distributions to accounts in different banks; failing to establish distribution processes to safeguard plan assets against unauthorized withdrawals; and failing to monitor other fiduciaries’ distribution processes, protocols and activities.

The lawsuit originally named State Street Bank & Trust, the plan’s custodian, as a defendant, but according to news report, State Street is no longer a party in the suit.

«