Compliance October 17, 2024

UC Schools Report Fraudulent Activity in Fidelity Retirement Accounts

The issue affected Fidelity retirement plan accounts at UC Davis and other schools in the University of California system.

Reported by

Remy Samuels

Participants in the University of California Retirement Savings Program were informed Wednesday of several reports of fraudulent activity on the retirement accounts of program members.

The Retirement Program Services division of the UC Office of the President announced that 120 accounts administered by Fidelity Investments at UC Davis were affected.

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters. 

Fidelity’s cybersecurity team has identified the issue, closed the vulnerability and taken steps to protect all potentially affected accounts, according to the university.

“With regard to the UC incident, … Fidelity takes its responsibility to identify and prevent fraud seriously,” says Ted Mitchell, a vice president of corporate affairs at Fidelity. “We recently identified individuals attempting to commit fraud. We took immediate steps to address and mitigate the issue. This is isolated, and our teams have validated that it has been resolved.”

According to an announcement from UC San Francisco, several UC schools reported to the Office of the President that users who were affected had their Fidelity account credentials changed, and attempts were then made to empty those accounts. Users have also reported receiving emails from Fidelity notifying them that their account credentials have been changed.

Under Fidelity’s Customer Protection Guarantee, Fidelity will reimburse any losses from unauthorized account activity, provided the activity was not due to a participant’s own actions, according to the UC Davis announcement.

Participants have been told to enable multi-factor authentication and change their Fidelity passwords, either as a precaution if they have not been notified that they were affected or as a requirement if they have been notified.

UC Davis also informed participants to review both their UC workplace account and any personal Fidelity retail accounts, as well as to pay attention to their profile information, especially mobile numbers and emails associated with multi-factor authentication and account alerts.

Fidelity Sued Over Separate Data Breach

Fidelity also reported a separate data breach to the Office of the Maine Attorney General last week, confirming the personal information of 77,000 clients was exposed. From August 17 through August 19, a third party accessed and obtained client information without authorization from the company, according to the Maine AG filing. The incident did not provide any access directly to those clients’ Fidelity accounts.

In a letter to impacted clients, Fidelity wrote that the hackers leveraged “two customer accounts that they had recently established” to gain access to information for a small subset of its customers.

After that breach, Fidelity was sued. Two Fidelity customers, Yaakov Gluck and Seth Gluck, filed a complaint on October 10, alleging that the company failed to protect the breach victims’ personal information, causing criminals to “steal everything they possibly need to commit nearly every conceivable form of identity theft and wreak havoc on the financial and personal lives of potentially millions of individuals.”

According to the lawsuit, the personal information taken by the hackers included Social Security numbers, financial information, names, phone numbers and addresses.

The plaintiffs accused Fidelity of failing to implement “adequate and reasonable measures” to ensure their computer systems were protected, as well as failing to prevent and stop the breach in a timely matter.

In Gluck et al v. Fidelity Investments, the plaintiffs are seeking actual damages, statutory damages and punitive damages, citing a breach of fiduciary duties, breach of confidence, breach of implied contract and invasion of privacy.

Fidelity’s Mitchell declined to comment on the pending litigation.

You Might Also Like:

Compliance

March 4th, 2025

Participant Data at Community Colleges, Public Schools Exposed in Breach at TPA

A third-party administrator of 403(b) and 457(b) plans experienced a cyber breach last month, exposing sensitive information of more than...

Compliance

February 25th, 2025

Judge Approves DOL’s Appeal to Pause Fiduciary Rule Litigation

The circuit judge granted a 60-day abeyance in two lawsuits against the DOL over its Retirement Security Rule.

Compliance

February 24th, 2025

SEC Announces Unit to Protect Investors From Crypto, AI Scams

The Cyber and Emerging Technologies Unit will be led by Laura D’Allaird, who was co-chief of the predecessor Crypto Assets and Cyber Unit.

Client Service October 17, 2024

New PEP for Head Start Programs Launches With Oregon-Based Plan Sponsor

The pooled employer plan focused on 403(b) nonprofit educational programs is sponsored by GPS, with investment fiduciary services from the Fraser Group.

Reported by

Alex Ortolani

A new pooled employer plan catered to Head Start learning programs has signed its first plan sponsor, an Oregon-based research nonprofit, with more in the pipeline to join.

The Oregon Social Learning Center, based in Eugene, Oregon, has joined the Head Start Retirement Program Pooled Employer Plan launched by pooled plan provider GPS and 3(38) investment fiduciary Fraser Group, a division of BCG, an Alera Group company. Voya is the recordkeeper for the PEP, geared toward the roughly 1,600 Head Start and Early Head Start programs across the U.S.

Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news. 

The Oregon Social Learning Center is actually not part of the Head Start network, but is a nonprofit focused on the healthy development of children and families. There are about five other organizations, including Head Start programs, preparing to join the PEP, says Fraser, who adds that the roots of the PEP started about six years ago from fundraising efforts to provide scholarships to Head Start educators.

“What we saw was that many of these nonprofits are underserviced and overcharged,” says Fraser, a senior partner in the Fraser Group. “[Through the PEP], we want to remove the administrative burden and cost associated with running a plan so they can spend more time doing what they do best, which is making sure that these kids are being looked after.”

The PEP is being offered to Head Start agencies in Arizona, California, Nevada, Hawaii and U.S. Pacific Island territories via the Region 9 Head Start Association. The nonprofit is an affiliate of the National Head Start Association and is focused on training and development for Head Start programs working with more than 130,000 children, according to its website.

Steve Niehoff, chief operating officer for plan provider Group Plan Systems, says it will be promoting the PEP with affiliates at a Region 9 Head Start conference next week, along with a 401(k) Head Start PEP it will be launching in 2025.

“GPS is very thankful to be part of the Head Start Retirement Program, and to be able support the employers and participants doing such important work in their communities,” Niehoff says. “Head Start is open to having employers who are not directly related to the program join the plans, increasing the potential for them to grow more quickly,”

Plan provider GPS is a joint venture between the Pension Resource Institute LLC and Waypoint Fiduciary Services LLC, run by Managing Partners Jason Roberts, CEO and founder of the PRI, and Pete Swisher, founder and president of Waypoint.

The Setting Every Community Up for Retirement Enhancement Act of 2019 started PEPs for 401(k) plans. The SECURE Act 2.0 of 2022 first allowed 403(b) plans to participate in PEPs and multiple employer plans, or MEPs. Another player in building this relatively early to market 403(b) PEP was Mitch Haber, a regional vice president at Voya, with that firm now acting as recordkeeper.

“As a leading provider of retirement plan solutions among all tax codes within the multiple employer plan space, including the recently introduced 403(b) market, we’re excited to serve as the recordkeeper for the Head Start PEP and look forward to supporting Oregon Social Learning Center,” Voya’s Ginger Brennan, a senior vice president and head of ABA retirement funds and multiple employer solutions, says via email.

Region 9’s executive director, Ed Condon, who is helping connect the PEP with programs in the Head Start network, says: “we are very excited to see the PEP introduced to our community of agencies. We believe stronger families bring stronger futures for all of us. The PEP is an essential tool to help our staff build that for themselves and their families as they serve others.”

Fraser sees the new PEP as not only reducing plan costs and administrative duties for sponsors, but providing financial wellness and education to participants via the plan as well.

He personally provides financial education to Head Start administrators, educators and students. In addition, when he learned a few years ago about the need for scholarship funding for Head Start teachers, he started fundraising among his retirement sector colleagues to contribute to the program. That has led to some $350,000 in scholarship funds for the educators.

“Many of these [educators] are among the first in their families to go to college,” Fraser says. “My hope is that, through this PEP, the scholarship and fundraising will also pop up in other Head Start locations.”