Compliance April 30, 2024

Breach at J.P. Morgan Exposes Data of 451,000 Plan Participants

Participant names, addresses, Social Security numbers and bank information were exposed in an incident the bank became aware of in February.

Reported by

J.P. Morgan Chase has been hit with a data breach exposing the personal information of more than 451,000 retirement plan participants, according to a Monday regulatory filing to the Office of the Maine Attorney General.

The participant information that was exposed included participants’ names, addresses, Social Security numbers, payment and deduction amounts, as well as bank routing and account numbers if the participants had set up direct deposit.

Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news.

The breach was not part of a cyberattack and there is no indication of data misuse, according to a J.P. Morgan spokesperson. A notice of the data breach that J.P. Morgan submitted to the Maine Attorney General revealed that on February 26, the firm learned of a software issue that caused certain reports run by three authorized system users to include plan participant information that they were not entitled to see.

The three users were employed by J.P. Morgan customers or their agents, according to the notice.

The system users ran a limited number of reports between August 26, 2021, and February 23, 2024.

Lynne Atchison, executive director of benefit payment services, wrote in the disclosure notice to the Maine AG that J.P. Morgan “promptly addressed the access and applied a software update” once they were aware of the issue.

The bank is offering individuals affected by the breach two years of identity theft protection services through Experian’s IdentityWorks platform and also making its call center available to address participant questions.

“Safeguarding client information is a priority,” a spokesperson said.

In 2023, a cyberattack on , which is owned by Progress Software Corp., ended up revealing the private data of nearly according to anti-malware company Emsisoft. The breach included retirement plan participants exposed via services vendor Pension Benefit Information LLC; firms hit included Fidelity Investments, TIAA and the California Public Employees’ Retirement System, among others.

Later in 2023, there was a separate breach of Infosys McCamish Systems LLC, a U.S. subsidiary of Infosys BPM Ltd., based in Bangalore, India, that shut down access for a number of nonqualified compensation benefit accounts held with firms including Ascensus’ Newport, T. Rowe Price and Vanguard.

In both incidents, impacted firms responded by providing identity theft protection to customers affected by the breach as hackers can sometimes use or sell the data to try and defraud consumers.

 

Deals & People April 30, 2024

BIP Wealth Acquires The Money Advisor Group

Separately, Diversify Advisor Network launches a retirement plan advisory services program for financial advisers.

Reported by

The Money Advisor Group, a registered investment advisory firm focusing on managing investments and planning for retirement, announced Tuesday it has agreed to be acquired by BIP Wealth, an Atlanta-based registered investment adviser, as part of its new BIP Alliance program.

Meanwhile, in an additional nod to industry consolidation, Diversify Advisor Network, a privately held independent wealth management firm, is launching a retirement plan advisory services program.

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters.

Money Advisor Group

With the TMAG deal, BIP Wealth will bring over $300 million in assets under management for its clients to BIP Alliance, making the firm’s total AUM to over $3.3 billion. The acquisition is set to close on May 22.

TMAG was founded in 2001 by Tim Money, president and chief investment officer, to provide individual and corporate clients with financial advisory services, including retirement planning and wealth management. Money will remain president of the group, and the entire TMAG team will join BIP.

“From the beginning, our focus has been on taking care of our beloved clients and team members,” Money said in a statement. “Our earliest discussions made it clear that BIP aligns with our values and priorities.”

BIP Wealth offers investment management and planning services tailored to high-net-worth individuals, families, institutional clients and corporate retirement plans. BIP Wealth serves clients nationwide and has offices in Atlanta, Alpharetta, Nashville, and now Columbus, Georgia.

The acquisition will provide TMAG clients and potential investors in West Central Georgia, East Alabama and nearby areas with broader access to BIP’s wealth management platform, offering private market investment options and advanced planning services, according to the announcement.

Diversify Advisor Network

Also announced on Tuesday, Diversify Advisor Network, a privately held independent wealth management firm, has launched its retirement plan advisory services program to provide to other wealth managers.

The program will be led by Partners Todd Nuttall and David Gardner, who merged their firm Caliber Wealth Management into Diversify earlier this year.

“With the launch of Diversify’s retirement plan advisory services, we can now share our unique retirement plan expertise and process with our peers across the network,” Nuttall said in a statement.

The team will offer services in plan design and plan governance, fiduciary services, participant education, research among others.

“They have also built a framework that helps the advisers capture additional wallet share from the plan participants, giving clients access to financial advice for more than just their company retirement plan,” Stuart Matheson, chief strategy officer at Diversify, said in a statement. “Advisers get to keep and even grow assets that they might otherwise miss out on, all without having to be experts in the intricacies of retirement plans.”

«