Experts explain the top tips for protecting clients’ retirement accounts and Social Security benefits
For clients, the latest Social Security data hack could be unsettling, especially for those in retirement or nearing it. Retirement plan advisors have an opportunity here to mitigate concerns while preparing clients for future scenarios.
It all started when billions of Social Security numbers were leaked after cybercriminal group USDoD stole the sensitive records from National Public Data, a background-check data company based in Coral Springs, Florida. NPD says hackers had previously attempted to steal the data in December 2023 and succeeded with “potential leaks of certain data in April 2024 and summer 2024,” that included names, email addresses, phone numbers, Social Security numbers, and mailing addresses from residents in the U.S, UK, and Canada.
The hacking group has since attempted to sell the personal data records on the dark web for $3.5 million and has claimed it stole data from each individual across the three countries.
While USDoD has attempted to sell the data, other threat actors have since released limited copies of the records for free, with each version sharing different data points including Social Security numbers and mailing addresses.
As a result of the leak, Jerico Pictures Inc., who does business as National Public Data, has faced at least seven class-action lawsuits, each accusing the company of negligence and breaches of fiduciary duty, among other allegations.
One lawsuit, filed on August 1 by California plaintiff Christopher Hofmann, accused the company of negligence, unjust enrichment, and breaches of fiduciary duty, among other allegations. It also accused National Public Data of obtaining personal data in an unjust and nonconsensual manner. To conduct its business, NPD scrapes personally identifying information (PII) of individuals from non-public sources, meaning that plaintiffs never willingly gave the company their information.
The lawsuit seeks monetary relief and an order mandating NPD take actionable steps to prevent future breaches.
Cyberthreats to retirement plans have gained increasing momentum over the past years. In 2023, a vulnerability involving a third-party file-transfer software called MOVEit led to a data breach impacting millions of individuals with accounts in leading financial services corporations, including Prudential, Charles Schwab, TIAA, and New York Life, along with hundreds of thousands of retirees enrolled in the California Public Employees’ Retirement System (CalPERS).
401(k) Specialist spoke with experts on how advisors can mitigate worries from retirement plan participants, while also preparing them for possible future hacks.