401(k) Accounts Face Rising Cyber Theft as Lawsuits and Losses Mount

Bearish (-0.7) · Impact: Medium

Published on May 17, 2026 · By Vibe Trader

A growing wave of cyber theft is targeting 401(k) retirement accounts, with recent high-profile cases highlighting vulnerabilities in account security and oversight. In one instance, an impostor successfully drained Paula Disberry's Colgate-Palmolive 401(k) account of its entire $751,430 balance after impersonating her in a call to Alight Solutions, the plan's recordkeeper. The impostor provided Disberry's name, last four digits of her Social Security number, date of birth, and mailing address to pass security checks, then changed the account's contact information and ultimately requested a full payout, which was mailed to a Las Vegas address. Disberry, who was living in South Africa at the time, later sued Alight, Colgate's benefits committee, and BNY Mellon, the plan's custodian. The case was settled on undisclosed terms, and the court did not rule on whether Alight was responsible for restoring the funds [1].

This incident is not isolated. Heide Bartnett, a former Abbott Laboratories employee, also sued Alight after alleging that a hacker used the plan portal's 'forgot password' feature to reset her credentials and trigger a $245,000 distribution. Other retirement plan recordkeepers have faced similar lawsuits related to cybertheft. The Government Accountability Office (GAO) reported in February 2026 that eleven lawsuits had been filed between 2009 and 2024 under the Employee Retirement Income Security Act (ERISA) concerning retirement plan cyber theft, prompting the GAO to urge the U.S. Department of Labor to issue new guidance on participant data protection [1].

The scale of the problem is underscored by the FBI's April 2026 Internet Crime Report, which found that Americans aged 60 and older lost $7.7 billion to internet crime in 2025—a 59% increase from the previous year. Of these losses, $3.5 billion was attributed to investment fraud, making retirement-age savers a significant target for online criminals. Unlike credit card fraud, 401(k) account takeovers do not benefit from the same consumer protections, leaving victims more vulnerable to permanent losses [1].

The article highlights that weak account-change safeguards, such as insufficient alerts and bypassed waiting periods, can enable cybercriminals to drain retirement savings with minimal resistance. The GAO's call for regulatory action and the rising number of lawsuits signal growing concern and potential changes in how retirement plan data is protected going forward [1].

CONCLUSION

The surge in cyber theft targeting 401(k) accounts has exposed significant vulnerabilities in retirement plan security and oversight. With billions lost and regulatory scrutiny increasing, the market may see heightened compliance costs and new guidance for retirement plan administrators.
