Named one of the 7 Best 401(k) Plans of 2024 by Forbes Advisor!

Get started
Search for topics or resources

Preventing Identify Theft in Your Retirement Plan

Eric Droblyen

January 9, 2024


Identify theft is a major problem faced by retirement plan participants and sponsors. According to a study by Javelin, 14.4 million participants fell victim to identity theft in 2018 alone. As a plan sponsor, identify theft poses a serious risk to your participants. If you’re concerned about how to combat this issue, we’ve answered all of the most common questions we receive about it below:

How does identity theft typically occur in retirement plans?

Thanks to the information that participants have voluntarily put on social media accounts or made available through use of public WIFI connections, thieves have an exceptionally easy time obtaining dates of birth, family names, pet names, addresses, etc.  By the time a thief submits a phony distribution or loan request, the thief has already managed to get your social security number, date of birth, and basic information. The thief may even have your spouse’s name and is able to get a phony notarized spousal consent on the form.  The stolen information makes the request form look legitimate. If you use the same login and password for all of your accounts, thieves may have already hacked into your account and changed your address. So, if a check is requested, and not an ACH, the check will be sent to the fake address and the thieves will get your money.  The point is: these thieves are exceptionally sophisticated, looking to get a quick payout, and, more often than not, working from an offshore location.

What can I do to help prevent identity theft?

There are many opportunities for you, as a plan participant, to help protect your hard-earned retirement savings from potential theft.  Immediate steps that you can take include:

  • Check with your plan’s service vendor to see what security protocols it has in place, such as multi-factor authentication (MFA), and use all available protocols.
  • Ask your employer to move away from the paper.  Paper statements in the mail are an easy target for someone to steal and get balances, vendor information, etc.
  • Stop posting personal information on your social media accounts.  It has been proven that these modern thieves gain much of the information they use to hack your account from social media postings. 
  • Request that your Plan Sponsor notify you if any distribution or loan request is received for your retirement account. (Some service providers may allow you to block this on your online account.)
  • Pay attention to notifications you receive from your Plan Sponsor or retirement service provider.  If they request that you take steps for your account – such as establishing your online ID – take those steps immediately and don’t let a thief set it up for you.
  • Consider freezing your credit.  It’s a simple process that involves logging onto the three major credit agencies, Transunion, Experian, and Equifax, and providing enough information to prove your identity.  Then, check the box to have your credit frozen. This prevents someone from opening credit cards in your name and putting you in a horrific financial position.
  • Keep your passwords secret, and don’t use your “usual” password for money-related accounts.  It is hard to use different passwords for every online account you monitor, but be particularly protective of your savings.  Someone hacking into your Netflix account may not be a problem; improper access to your bank account or 401(k) account, on the other hand, is very serious.

New call-to-action