What You Need to Know
- The government watchdog group says data sharing practices put plan participants at risk of cyber breaches.
- It urged the Labor Department to set minimum guidelines for fiduciaries to protect millions of investors.
- A failure to take action could lead to cyberattacks that erode confidence in the retirement system.
Not only do 401(k) investors have to worry about market risk, they also have to watch out for cyber criminals who could steal their retirement savings and identity, according to a Government Accountability Office report issued Monday that recommends that the Labor Department issue guidance on the problem.
The GAO report, released by Sen. Patty Murray, D-Wash.; Rep. Bobby Scott, D-Va.; and Sen. Maggie Hassan, D-N.H., reviewed cybersecurity threats posed to retirement plans. The agency conducted its review in response to a 2019 inquiry by the three lawmakers.
Murray is chair of the Senate Health, Education, Labor and Pensions Committee, and Scott chairs the House Education and Labor Committee.
“This report confirms cybersecurity and retirement security go hand in hand, and it’s time we make sure we have policies that reflect that reality,” Murray said in a release.
According to the GAO report, as of 2018, 106 million people were in private retirement plans that held roughly $6.3 trillion in assets.
It noted that “a host of plan administrators share the personal information used to administer these plans via the internet, which can lead to significant cybersecurity risks. In some cases, there is no federal guidance about how to mitigate these risks.”
The GAO’s report urged the Labor Department to clarify whether fiduciaries are responsible for cybersecurity and, if so, to issue guidance on minimum expectations for reducing cybersecurity risks, the release said.