Adam Solander and Robert Hudock Featured in “Benefits Departments Cautioned on Hacking Threat”

Employee Benefit News

Adam C. Solander and Robert J. Hudock, Members of the Firm in the Health Care and Life Sciences practice, in the firm’s Washington, DC, office, were featured in an Employee Benefit News Q&A titled “Benefit Departments Cautioned on Hacking Threat.”

Following is an excerpt:

Who is responsible?

Although the principal 401(k) recordkeepers have sophisticated cyber-security systems in place, some smaller firms may not. The recordkeeper may — or may not — be responsible for recovering stolen 401(k) funds. “Under most contracts the plan sponsor has to fulfill certain conditions” to be indemnified against losses Solander says.

The service agreement, for example, might establish standards for firewall maintenance and systematic patching of detected vulnerabilities. A failure to do on the employer’s part would take the recordkeeper off the hook in the event of a successful hack.

Sometimes, the hackers live a lot closer to home than one might expect.

In one case Hudock is familiar with, an employee tried to perpetrate a fraud to double his 401(k) assets. “The employee gave his girlfriend his login information, told her to transfer the funds out, then told the employer his account had been hacked,” he recalls. The scam was unsuccessful.