Update from the Employee Benefit Plan Audit Team

401(k) Record-Keepers Take Additional Security Options

401(k) Record-Keepers Take Additional Security Options

Equifax, recently revealed that from May to July 2017, computer hackers lifted the information of about 143 million Americans stored in the company’s database. Data exposed includes names, addresses, birthdays, phone numbers, Social Security numbers, driver’s license numbers, among other information.

Record-keepers of 401(k) and similar retirement plans often use Social Security numbers as default user names. They also use phone numbers to gain account access under a two-factor authentication protocol which is a randomly generated security code sent via text or voice to an investor’s enrolled number.

Record-keepers already have appropriate measures in place to protect plan assets and they are now offering additional security services that individuals can take to secure 401(k) assets.

For example, Vanguard Group has offered clients additional security services such as establishing voice verification, adding email alerts on all account activity, and restricting access to recognized computers and mobile devices only.

In general, individuals who believe they may have been affected by the Equifax breach should take the following steps:

  1. Establish an alternate customer identifier if you are currently using your Social Security as the user ID.
  2. Update security questions and answers.
  3. Regularly monitor accounts.
  4. Promptly report any concerns to the record-keeper.
 Please contact us if you have any questions.
Jodi Malis , CPA
Robert Faust, CPA
Senior Manager