Transamerica sued by 401(k) participant over data breach
Transamerica sued by 401(k) participant over data breach
A bug earlier this year let plan sponsor clients view outside participants' data, and one man claims he and others suffered consequences.
December 15, 2021 By Emile Hallez Emile Hallez 2
MINS
You have read 0 of 3 free articles this week. Register now for increased access.
A breach of 401(k) participant data earlier this year prompted a class action lawsuit this month against Transamerica Retirement Solutions.
In June, the company became aware of a change within one of its websites that let employer customers view compromising data about participants in other retirement plans, according to a notice posted by the State of California. That data included Social Security numbers, birth dates and other personally identifying information.
The data was only viewable by plan administrators who had permission to access the site, the company stated in the disclosure sent in August to 401(k) participants. At the time, Transamerica said that it was unaware of any participant data being misused, it had fixed the glitch and would provide two years of identity monitoring services to people whose data were compromised.
But that was insufficient, the plaintiff representing the proposed class said.
InvestmentNews wants to hear from you! Please take a minute to complete this form, so we can better understand and serve our readers.
Are you involved with making technology purchasing decisions for your firm?*
Please Select
Is your firm currently evaluating digital marketing solutions?*
Please Select
The company failed to protect sensitive information and waited too long to make 401(k) participants aware of the problem, according to the Dec. 3 complaint filed in U.S. District Court in the Southern District of New York.
That man, California resident Eric Giannini, “has experienced a number of harms as a result of the data breach incident since Transamerica’s systems were accessed, including the misuse of his identifying information for fraudulent purchases,” the complaint read.
Giannini claimed that he was not contacted about his data being compromised until Oct. 8.
The law firm representing him and the proposed class, Migliaccio & Rathod, said in the complaint that the affected plan participants “will continue to experience various types of misuse of their [personally identifying information] in the coming years, including but not limited to unauthorized credit card charges, unauthorized access to email accounts and other fraudulent use of their financial information.”
The complaint alleges negligence, breach of contract, breach of fiduciary duty and violations of New York and California state laws.
The case differs from others brought in recent years against retirement plan record keepers over data security, in that it is a class action and does not indicate that any 401(k) assets were pilfered.
Individual lawsuits against Alight Solutions and plan sponsors, for example, centered on thefts from accounts.
The new case also does not raise claims under the Employee Retirement Income Security Act.
Transamerica said in a statement that it was aware of the lawsuit, calling the allegations “inaccurate and misleading.”
“At no time did unauthorized individuals gain access to Transamerica’s systems as the lawsuit suggests,” the statement read. “Transamerica is proud of the services we provide to our retirement plan clients, and we will vigorously defend against this lawsuit. We remain dedicated to providing the highest quality of care and security to our customers.”
A bug earlier this year let plan sponsor clients view outside participants' data, and one man claims he and others suffered consequences.
December 15, 2021 By Emile Hallez Emile Hallez 2
MINS
You have read 0 of 3 free articles this week. Register now for increased access.
A breach of 401(k) participant data earlier this year prompted a class action lawsuit this month against Transamerica Retirement Solutions.
In June, the company became aware of a change within one of its websites that let employer customers view compromising data about participants in other retirement plans, according to a notice posted by the State of California. That data included Social Security numbers, birth dates and other personally identifying information.
The data was only viewable by plan administrators who had permission to access the site, the company stated in the disclosure sent in August to 401(k) participants. At the time, Transamerica said that it was unaware of any participant data being misused, it had fixed the glitch and would provide two years of identity monitoring services to people whose data were compromised.
But that was insufficient, the plaintiff representing the proposed class said.
InvestmentNews wants to hear from you! Please take a minute to complete this form, so we can better understand and serve our readers.
Are you involved with making technology purchasing decisions for your firm?*
Please Select
Is your firm currently evaluating digital marketing solutions?*
Please Select
The company failed to protect sensitive information and waited too long to make 401(k) participants aware of the problem, according to the Dec. 3 complaint filed in U.S. District Court in the Southern District of New York.
That man, California resident Eric Giannini, “has experienced a number of harms as a result of the data breach incident since Transamerica’s systems were accessed, including the misuse of his identifying information for fraudulent purchases,” the complaint read.
Giannini claimed that he was not contacted about his data being compromised until Oct. 8.
The law firm representing him and the proposed class, Migliaccio & Rathod, said in the complaint that the affected plan participants “will continue to experience various types of misuse of their [personally identifying information] in the coming years, including but not limited to unauthorized credit card charges, unauthorized access to email accounts and other fraudulent use of their financial information.”
The complaint alleges negligence, breach of contract, breach of fiduciary duty and violations of New York and California state laws.
The case differs from others brought in recent years against retirement plan record keepers over data security, in that it is a class action and does not indicate that any 401(k) assets were pilfered.
Individual lawsuits against Alight Solutions and plan sponsors, for example, centered on thefts from accounts.
The new case also does not raise claims under the Employee Retirement Income Security Act.
Transamerica said in a statement that it was aware of the lawsuit, calling the allegations “inaccurate and misleading.”
“At no time did unauthorized individuals gain access to Transamerica’s systems as the lawsuit suggests,” the statement read. “Transamerica is proud of the services we provide to our retirement plan clients, and we will vigorously defend against this lawsuit. We remain dedicated to providing the highest quality of care and security to our customers.”
