Retirement Clearinghouse, a 401(k) and IRA portability firm that moves retirement account balances to new employers, is the latest organization to suffer a data breach impacting over 10,500 individuals.
Earlier this month, the firm notified individuals that their personal data had been compromised in a phishing attempt back in March, in which the organization reported suspicious activity with one email that saw a “small number of files at risk of access without authorization,” wrote Retirement Clearinghouse in its letter on the breach.
“Because of this, we took measures to ensure the security of the files and notify potentially affected individuals about this matter,” the firm said in its report.
According to public filings, Retirement Clearinghouse said individuals in Maine, Maryland, Massachusetts, New York, North Carolina, Oregon, Rhode Island, Texas, Vermont and Washington, D.C, may have been impacted by the breach, with the possibility of other states having been compromised.
In its disclosure to the Maine attorney general’s office, Retirement Clearinghouse said it had begun an investigation after the incident and identified a “potentially affected organization” on March 18. The investigation then confirmed on March 28 that the account may have been at risk of access without authorization.
Retirement Clearinghouse said it undertook a “comprehensive review of the data to determine its contents,” before ultimately notifying individuals on May 12. The breach was first reported by Ignites on Tuesday.
The exposed client data includes account holders’ names, individual retirement account (IRA) numbers held by Matrix Trust Company, a division of Broadridge Financial Solutions, and Social Security numbers.
The Charlotte, North Carolina-based firm said it is offering complimentary, three-month membership to identity theft protection through Experian, as well as information on how to put out a fraud alert and credit freeze. Retirement Clearinghouse is also recommending compromised individuals review their account statements and monitor free credit reports for suspicious activity and to detect errors.
The data breach comes even as regulatory houses issue ample guidance on cybersecurity protocols for the financial services and retirement industry. The Department of Labor (DOL’s) Employee Benefits Security Administration issued its own guidance, tips, and best practices on the matter in 2021, while the Securities and Exchange Commission (SEC) proposed a new package of regulation for broker-dealers and other groups last year.
SEE ALSO:
- SEC Sets Sights on Cybersecurity for RIAs
- SPARK Institute Releases Updated Cybersecurity Standards for Plan Sponsors and Advisors
Amanda Umpierrez is the Managing Editor of 401(k) Specialist magazine. She is a financial services reporter with over six years of experience and a passion for telling stories and reporting news. Amanda received her degree in journalism and government and politics at St. John’s University. She is originally from Queens, New York, but now resides in Denver, Colorado with her partner. In her free time, Amanda enjoys running, cooking, and watching the latest drama show.