With more and more retirement plan services moving online, a recent case arising in the U.S. District Court for the Southern District of New York, Giannini v. Transamerica Retirement Solutions, LLC (“Giannini”),[1] highlights the importance of cybersecurity and anti-fraud considerations for plan fiduciaries and service providers alike.
In Giannini, the plaintiff was a retirement plan participant who filed suit in a proposed class action against Transamerica Retirement Solutions, a third party administrator/recordkeeper, after the company notified him of a data breach exposing the plaintiff’s personally identifiable information (“PII”). The plaintiff alleged that the breach occurred because unauthorized parties were able to access PII due to a Transamerica system configuration change, which left sensitive information such as social security numbers and retirement fund contribution amounts exposed. The plaintiff also alleged this data breach affected over 11,000 retirement plan beneficiaries and caused spam emails, spam calls, fraudulent credit card and bank account inquiries, and fraudulent purchases made in his name. Continue Reading A Cautionary Tale for Plan Fiduciaries and Service Providers: Cybertheft, Fraud, and Potential Liability