Court Allows Case Involving Cybertheft of 401(k) Plan Account to Proceed in Part

In one of a growing number of cases involving cybertheft of 401(k) plan assets, a federal judge allowed ERISA claims to proceed against a third-party plan administrator, but dismissed the claims against the plan sponsor.

The plaintiff alleged that an imposter obtained her password, logged into her 401(k) account, and authorized a distribution of $245,000. She alleged that her employer and the plan’s third-party administrator breached fiduciary duties by failing to stop the theft. The court allowed the claims against the administrator to proceed. The court accepted the allegation that the administrator acted in a fiduciary capacity when it authorized the 401(k) distribution, and that it breached a duty by not following a security protocol when it allowed the distribution. The court, however, determined that the allegations that the employer breached a fiduciary duty with respect to the theft did not pass muster.

Although the amount of money at issue in the case was relatively small, this case highlights the growing risk of cybercrimes to 410(k) and other pension plans.

The case is: Bartnett v. Abbott Labs., No. 20-CV-02127, 2020 U.S. Dist. LEXIS 182645 (N.D. Ill. Oct. 2, 2020).