Your 401(k) is the new identity theft target

An impostor phoned Alight Solutions, the recordkeeper for Colgate-Palmolive's 401(k) plan, and identified herself arsenic a Colgate employee. She asked to update the interaction accusation connected an account. Months later, the full $751,430 equilibrium had been sent successful a azygous lump sum to a Las Vegas code and slope account. The existent relationship holder, Paula Disberry, was surviving successful South Africa.

Disberry sued Alight, Colgate's benefits committee and BNY Mellon, the plan's custodian, to retrieve the money. The lawsuit was aboriginal settled connected undisclosed terms. The tribunal ne'er ruled connected whether Alight had to reconstruct the funds.

In February 2026, the Government Accountability Office told the U.S. Department of Labor to contented caller guidance connected status program subordinate data. The GAO cited eleven abstracted lawsuits filed betwixt 2009 and 2024 nether the Employee Retirement Income Security Act, the national instrumentality governing backstage status plans.

When relationship takeover hits a 401(k), the user protections that govern recognition paper fraud bash not apply.

 Sign up for my FREE CyberGuy Report

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams aboriginal and enactment protected, sojourn CyberGuy.com - trusted by millions who ticker CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide escaped erstwhile you join. 

REMOVE YOUR DATA TO PROTECT YOUR RETIREMENT FROM SCAMMERS

A stolen 401(k) shows however 1 telephone call, exposed idiosyncratic details and anemic account-change safeguards tin drain status savings. (Kurt "CyberGuy" Knutsson)

How the 401(k) relationship was drained

The Disberry lawsuit began erstwhile an impostor called Alight's Benefits Information Center. She gave Disberry's name, the past 4 digits of her Social Security number, her day of commencement and the mailing code Alight had connected file. That was capable to wide the telephone center's information check.

She past asked Alight to update the interaction accusation connected Disberry's account. Alight did not nonstop an alert to Disberry's existing email code oregon telephone number, some of which it had connected file. Instead, the institution issued a impermanent password done the mail.

Disberry's program had a 14-day waiting play betwixt an code alteration and immoderate distribution. Her suit alleged that Alight skipped it. Within weeks, the impostor logged in, requested a afloat payout, and BNY Mellon mailed a cheque to a Las Vegas address.

Why the 401(k) relationship takeover isn’t an isolated case

Heide Bartnett, a erstwhile Abbott Laboratories employee, sued Alight implicit a $245,000 401(k) distribution. She alleged that a hacker utilized the program portal's "forgot password" diagnostic to reset her credentials and trigger the payout. Other status program recordkeepers person faced akin cybertheft lawsuits.

The occupation extends beyond 401(k) accounts. The FBI's April 2026 Internet Crime Report recovered that Americans 60 and older mislaid $7.7 cardinal to net transgression successful 2025, a 59% leap from the twelvemonth before. Investment fraud accounted for $3.5 cardinal of those losses, making retirement-age savers a large people for online criminals. 

INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU

Retirement relationship takeovers tin commencement with leaked names, commencement dates, partial Social Security numbers and reused passwords from past information breaches. (Kurt "CyberGuy" Knutsson)

How thieves instrumentality implicit status accounts

Account takeovers statesman with accusation idiosyncratic already has. Names, dates of birth, partial SSNs and email addresses look successful acheronian web breach dumps, often combined with leaked passwords from unrelated services. When the relationship holder reuses a password crossed accounts, hackers tin trial that breach information straight against the recordkeeper's login portal.

Disberry's takeover bypassed the login portal entirely. The impostor ne'er logged successful to Disberry's relationship directly. She called Alight's telephone center, utilized what she already knew astir Disberry to wide individuality verification and had the interaction accusation changed. After that, the impermanent password Alight mailed went determination lone the impostor could intercept.

Some thieves skip the recordkeeper and spell consecutive for the relationship holder. The New York Times documented the lawsuit of Barry Heitin, a 76-year-old retired lawyer, who mislaid $740,000 successful 2024 aft receiving a telephone from idiosyncratic claiming to beryllium a national fraud investigator. The caller convinced Heitin that his status accounts were nether onslaught and walked him done transferring the wealth retired himself. He believed helium was helping a national investigation.

How to support your 401(k) and status savings

Federal protections for status relationship theft are limited, but respective account-level controls outgo thing and whitethorn marque takeovers harder.

• Turn connected multi-factor authentication connected the recordkeeper portal. A stolen password is acold little utile erstwhile a one-time codification is required.
• Enable each account-change alert. Email and substance alerts for password resets, interaction accusation updates, code changes and slope relationship changes are the earliest signals that idiosyncratic other has entree to your account.
• Ask your program head astir organisation holds. Some plans enforce a waiting play betwixt an code alteration and immoderate distribution. Get the argumentation successful penning and corroborate what triggers the hold.
• Review statements quarterly. A caller slope relationship oregon a alteration successful interaction accusation shows up faster connected a quarterly reappraisal than connected an yearly one.
• Get an IRS Identity Protection PIN. The six-digit PIN, disposable astatine irs.gov/ippin, blocks fraudulent taxation returns filed utilizing your SSN.
• Freeze your recognition astatine each 3 bureaus. A freeze blocks caller accounts from being opened successful your name. Equifax, Experian and TransUnion person offered escaped freezes since September 2018.

HOW TO STOP IMPOSTOR BANK SCAMS BEFORE THEY DRAIN YOUR WALLET

Multi-factor authentication, account-change alerts, recognition freezes and regular connection reviews tin assistance support your 401(k) earlier thieves strike. (Kurt "CyberGuy" Knutsson)

Where individuality theft monitoring tin help

Account-change alerts connected the recordkeeper portal lone enactment if the recordkeeper sends them. The Disberry lawsuit showed what tin hap erstwhile those alerts spell unsent.

A beardown individuality theft monitoring work tin adhd different furniture of extortion by watching for suspicious enactment beyond the status program portal. Some services fto you nexus bank, recognition paper and concern accounts truthful you tin person alerts erstwhile unfamiliar transactions appear. In a status relationship takeover, that could assistance emblem suspicious wealth question adjacent if the recordkeeper misses the outgoing transfer.

Many individuality theft monitoring services besides ticker for changes crossed your recognition reports, scan the acheronian web for exposed idiosyncratic accusation and hunt information broker oregon people-search sites for your details. Some plans besides see fraud solution enactment and individuality theft security for eligible betterment costs.

How to cheque if your idiosyncratic accusation was exposed

If you are unsure whether criminals person already exposed your information, instrumentality enactment now. Start with a escaped individuality breach scan to spot whether your information appears successful known leaks. Early detection gives you much power and helps you respond earlier fraud spreads. You tin besides cheque whether your idiosyncratic accusation is already being utilized for individuality theft, fraud oregon appearing connected the acheronian web.

See my tips and champion picks connected Best Identity Theft Protection astatine CyberGuy.com

Kurt's cardinal takeaways

Retirement accounts tin consciousness abstracted from the mundane fraud risks we perceive astir with recognition cards, email accounts and slope logins. But this lawsuit shows however rapidly a 401(k) tin go a people erstwhile idiosyncratic has capable idiosyncratic accusation to fool a telephone halfway oregon reset relationship access. The scary portion is that a stolen status relationship whitethorn not travel with the aforesaid user protections radical expect from recognition paper fraud. That makes prevention and aboriginal informing signs adjacent much important. Turn connected multi-factor authentication, alteration each relationship alert your program offers and inquire your leader oregon program head what happens aft an address, telephone fig oregon slope relationship change. No 1 should person to find retired months aboriginal that their beingness savings disappeared. The earlier you spot suspicious activity, the amended your chances of stopping the harm earlier it becomes a fiscal nightmare.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Should status plans beryllium required to nonstop stronger alerts earlier immoderate large relationship alteration oregon distribution, particularly erstwhile someone's beingness savings are connected the line? Let america cognize by penning to america astatine CyberGuy.comCyberguy.com

 Sign up for my FREE CyberGuy Report

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams aboriginal and enactment protected, sojourn CyberGuy.com - trusted by millions who ticker CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide escaped erstwhile you join. 

Copyright 2026 CyberGuy.com. All rights reserved.