Be Careful with That! Cybersecurity Precautions in Administering Employee Benefit Plans

April 29, 2025 (4 min read)

In late February, six class actions were filed against The Pension Specialists Ltd (Pension Specialists) in an Illinois district court over a data breach of personal and sensitive information retained by Pension Specialists on behalf of plan participants and the retirement plan sponsors who retained Pension Specialists as their third-party plan recordkeeper. In addition to ERISA claims, plaintiffs pursued various federal and state causes of action, including emotional distress and invasion of privacy, and seek punitive damages. The lawsuits highlight the risks to plan sponsors, plan fiduciaries, and their plan service providers who do not follow and monitor (or even establish) good plan cybersecurity policies.

Related Content

  • Cybersecurity Considerations for ERISA Plan Fiduciaries
    Raise your awareness of the ever-increasing amount and sophistication of internet crimes targeting employee benefit plan data and assets. These crimes have (rightfully) led to ERISA fiduciaries having increased concerns about the consequences raised by cybersecurity issues in the context of DOL audits and litigation by employees and beneficiaries.
  • Cybersecurity and Data Security Risk Management Strategies for ERISA Plan Fiduciaries
    Learn more about establishing an effective plan governance structure to address cybersecurity concerns. Fiduciaries have limited official guidance regarding the extent of a plan fiduciary's responsibilities in maintaining acceptable plan cybersecurity protocols or mitigating the damages in the event of a breach. Learn more about developing and optimizing cybersecurity precautions. Review other risk-mitigation strategies like educating employees and participants and purchasing cybersecurity insurance.
  • Qualified Retirement Plan Cybersecurity Training Presentation
    Use this presentation to provide cybersecurity training to employers in their capacity as retirement plan sponsors, to employees who handle plan assets and/or data related to retirement plan assets that include participants' personally identifiable information (PII), to retirement plan fiduciaries (at an investment committee meeting), and even to non-fiduciary service providers of retirement plans who store, maintain, or transport PII.

Practical Guidance Updates 
Featuring the latest updates from your Practical Guidance account.    
