A hack of a New Jersey-based employee benefit and payroll management company serves as a powerful reminder of the need to secure those online participant accounts.
A Maryland man was indicted on money laundering charges related to money obtained through unlawful computer intrusions that targeted a New Jersey-based employee benefit and payroll management company, according to U.S. Attorney Philip R. Sellinger.
Courtesy of U.S. Justice Department,[i] one Oladapo Sunday Ogunbiyi, 40, of Greenbelt, MD, has now been charged by indictment with one count of conspiracy to commit money laundering, two counts of money laundering, and two counts of engaging in transactions in property derived from criminal activity.[ii]
According to documents filed in this case and statements made in court, Ogunbiyi conspired with others to launder funds obtained through an unlawful computer fraud scheme in which they obtained unauthorized access to a 401(k) account held for the benefit of a person at the New Jersey company. They then added a bank account belonging to another individual to the victim’s 401k account—without the victim’s knowledge or authorization. That account was designated as the account to receive withdrawals from the victim’s 401k account. Once that was set up, $246,390 was transferred to the bank account belonging to account that had been added—again, without the victim’s knowledge or consent.
From there Ogunbiyi and others directed that the fraud proceeds be converted into cashier’s checks, which Ogunbiyi deposited into bank accounts under his control, after which he withdrew the funds in a series of ATM and counter withdrawals “designed to conceal the source of the money, which he used for personal expenditures.”
This, of course, is far from the sole instance of such activity, though it is the latest one resulting in capture and arrest. Indeed, recent reports of 401(k) thefts and an ongoing concern about cybersecurity (should) have everybody on the alert. Some have even triggered lawsuits against providers and plan sponsors. Here are some steps you, your plan sponsor clients, and their participants should take—now.
[i] Which, in a press release, reminds us that the “charges and allegations contained in the indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.”
[ii] The counts of money laundering and money laundering conspiracy carry a maximum penalty of 20 years in prison and a fine of $500,000, or twice the value of the property involved in the transaction, whichever is greater. The counts of engaging in transactions in property derived from criminal activity carry a maximum penalty of 10 years in prison and a fine of $250,000, or twice the value of the property involved in the transaction, whichever is greater.
