PENSION AND BENEFITS BLOG

After having made retirement plan cybersecurity protections a top priority for 2016, the ERISA Advisory Council Nov. 10 issued its final recommendations to the Department of Labor.

The council annually provides the DOL with guidance on issues relating to employee benefit plans covered under the Employee Retirement Income Security Act.

The council boiled its recommendations down to:

• making its report publicly available as soon as administratively feasible, and
• providing information to the employee benefit plan community to educate them on cybersecurity risks and potential approaches for managing those risks.

Attack Example

Computer hackers gained access in July to a United Food and Commercial Workers multiemployer pension plan, affiliated with Missouri-based Schnucks, Dierbergs Markets and Shop ‘n Save supermarkets, a Nov. 9 UFCW, Local 655 press release said. 

In addition, the UFCW Food Employers Joint Pension Fund was the victim of a ransomware attack. The ransomware attack occurred when an unidentified hacker took control of one of the union's computer servers and demanded three bitcoins to enable it to work again. The value of three bitcoins is about $2,000, according to the Bitcoin Price Index.

Data potentially compromised during the ransomware attack included current and former employees’ names, dates of birth, Social Security numbers and bank account information.

The UFCW, however, has said it has no reason to believe “sensitive information” was obtained in either cybersecurity breach, but “out of an abundance of caution” it is providing its members with credit monitoring and identity theft restoration services without cost for 12 months. Also, a dedicated phone line is being provided to allow for continuing union members’ concerns.

The plan didn’t pay the ransom and was able to recreate the data from a back-up system.

Design benefit plans and respond quickly and confidently to a range of potential issues with a free trial to the Benefits Practice Resource Center.