Retirement Clearinghouse, a Charlotte, NC-based firm, which helps to automatically move participant’s retirement account balances from a former employer to their new employer, has notified individuals in various states of a data breach.
As many as 10,509 individuals may have had their personal data breached, including Social Security and IRA numbers for accounts apparently held at Matrix Trust Company, which is part of Broadridge Financial Solutions, according to filings by the firm.
Retirement Clearinghouse notes that it identified suspicious activity taking place between March 15–16, 2023, through an email account in which a small number of files were at risk of access without authorization. The firm later confirmed on March 28 that certain data may have been at risk through a phishing scheme. The firm then undertook a comprehensive review of the data to determine its contents and issued supplemental notification to the organization.
“Because of this, we took measures to ensure the security of the files and notify potentially affected individuals about this matter,” the firm states in a May 12 letter. “We took remedial measures within our organization and we are also evaluating our policies and procedures to prevent reoccurrence of this type of event,” the letter further states.
The firm has offered to provide identity theft protection through Experian. Retirement Clearinghouse is also providing potentially impacted individuals with guidance on how to better protect against identity theft and fraud, as well as information on how to place a fraud alert and credit freeze on one’s credit file.
Public filings suggest that individuals residing in at least Maine, Maryland, Massachusetts, New York, North Carolina, Oregon, Rhode Island, Texas, Vermont and Washington, DC may have been impacted by the breach.
Retirement Clearinghouse assists organizations with transferring individuals’ retirement savings to reduce 401(k) cashouts and increase financial wellness. This process involves collecting information about the individuals from organizations to facilitate the transfers.
Portability Services Network
The incident apparently did not impact the systems of Retirement Clearinghouse or the Portability Services Network, Retirement Clearinghouse President and CEO Spencer Williams told Ignites, which first reported on the development. Additionally, no client assets have been stolen, Williams indicated.
The Portability Services Network is a consortium of major workplace retirement plan recordkeepers—Fidelity, Vanguard, TIAA, Empower and Alight Solutions—that was created to help workers automatically move smaller retirement savings in 401(k), 401(a), 403(b), and 457 accounts to their new employers’ plans as they change jobs—in essence making rollover, rather than cash-out the “default” when changing employers.