29 Apr 2025

Be Careful with That! Cybersecurity Precautions in Administering Employee Benefit Plans

In late February, six class actions were filed against The Pension Specialists Ltd (Pension Specialists) in an Illinois district court over a data breach of personal and sensitive information retained by Pension Specialists on behalf of plan participants and the retirement plan sponsors who retained Pension Specialists as their third-party plan recordkeeper. In addition to ERISA claims, plaintiffs pursued various federal and state causes of action, including emotional distress and invasion of privacy, and seek punitive damages. The lawsuits highlight the risks to plan sponsors, plan fiduciaries, and their plan service providers who do not follow and monitor (or even establish) good plan cybersecurity policies.

Read now »

Related Content

Cybersecurity Considerations for ERISA Plan Fiduciaries
Raise your awareness of the ever-increasing amount and sophistication of internet crimes targeting employee benefit plan data and assets. These crimes have (rightfully) led to ERISA fiduciaries having increased concerns about the consequences raised by cybersecurity issues in the context of DOL audits and litigation by employees and beneficiaries.
Cybersecurity and Data Security Risk Management Strategies for ERISA Plan Fiduciaries
Learn more about establishing an effective plan governance structure to address cybersecurity concerns. Fiduciaries have limited official guidance regarding the extent of a plan fiduciary's responsibilities in maintaining acceptable plan cybersecurity protocols or mitigating the damages in the event of a breach. Learn more about developing and optimizing cybersecurity precautions. Review other risk-mitigation strategies like educating employees and participants and purchasing cybersecurity insurance.
Qualified Retirement Plan Cybersecurity Training Presentation
Use this presentation to provide cybersecurity training to employers in their capacity as retirement plan sponsors, to employees who handle plan assets and/or data related to retirement plan assets that include participants' personally identifiable information (PII), to retirement plan fiduciaries (at an investment committee meeting), and even to non-fiduciary service providers of retirement plans who store, maintain, or transport PII.

Practical Guidance Updates
Featuring the latest updates from your Practical Guidance account.

Employee Benefits & Executive Compensation Key Legal Developments Tracker (Current)
Stay informed on new developments.
- ERISA Litigation. In a unanimous decision written by Justice Sotomayor, the U.S. Supreme Court revived a class action from Cornell University workers who said their retirement plans were burdened by excessive fees, finding the Second Circuit had overreached when it shut down the case. Cunningham v. Cornell Univ., 2025 U.S. LEXIS 1458 (Apr. 17, 2025).
- ERISA Litigation. District Court decides not to dismiss a class action lawsuit against The Clorox Company and the investment committee for its 401(k) Plan. The lawsuit claims that Clorox violated its ERISA fiduciary duties when using plan forfeitures to offset its employer non-elective contributions. McManus v. Clorox Co., 2025 U.S. Dist. LEXIS 43765 (N.D. Cal. Mar. 3, 2025).
- Retirement Plans. DOL releases guidance addressing compliance questions on SECURE 2.0 Act’s required changes to annual funding notices (AFNs) under ERISA Section 101(f). The guidance includes two updated model AFNs. Field Assistance Bulletin 2025-02.
- Health and Welfare Plans. HHS rescinds its 2022 guidance, "HHS Notice and Guidance on Gender Affirming Care, Civil Rights, and Patient Privacy." Letter, Recission of "HHS Notice and Guidance on Gender Affirming Care, Civil Rights, and Patient Privacy" (Feb. 20, 2025).
New! Discover Practical Guidance Content and Resources
Read this update to see the newest additions to Practical Guidance. This guide is designed to help you find the tools and insights you need to work more efficiently and effectively.
Stay informed on SECURE 2.0 Act developments by using our SECURE 2.0 Act Guidance Tracker.
Document alerts allow you to stay current on legal developments that affect your practice. Find out how to set up your document alerts.
Review the Chevron Reversal Impact Resource Kit for analysis related to the Supreme Court’s decision to overturn four decades of deference to federal agency interpretations of ambiguous statutes.
Keep current on the second Trump administration developments by referencing the Presidential Executive Actions Tracker, Legal Challenges to 2025 Presidential Executive Orders and Actions Tracker, and Trump Transition Resource Kit.
Generative Artificial Intelligence (AI) Resource Kit is a frequently updated collection of current Practical Guidance materials on generative AI, ChatGPT, and similar tools.
The Practical Guidance Journal 2025 Edition One features guidance on what attorneys need to know about deepfake technology, a look ahead at AI risk management, an artificial intelligence checklist, and a review of cautions and key AI legal issues in DEI and employment discrimination.
Browse the Practical Guidance Author Center to see the 2600+ leading attorney authors contributing to our 26 practice areas. Interested in becoming a Practical Guidance author? Click here for details. Practical Guidance is committed to amplifying diverse voices of attorneys across all differences, including gender and race.
Legal Developments provide the latest updates and analyses of emerging topics impacting your practice area. Visit the Legal Developments page to see the latest topics, which also include breaking legal news and related Practical Guidance content.

New and Updated Practical Guidance Content

PRACTICAL GUIDANCE CUSTOMER EMAIL EDITION ON THE WEB

Experience results today with practical guidance, legal research, and data-driven insights—all in one place.

Experience Lexis+