Your 401(k) is the new identity theft target
A cybercriminal impersonated Colgate-Palmolive employee Paula Disberry and drained her $751,430 401(k) by convincing the plan's recordkeeper to change contact details. The fraud succeeded due to weak verification processes and lack of multi-factor authentication or alerts to the actual account holder. The incident highlights growing risks to retirement accounts and the need for stronger security measures and federal guidance.
- An impostor used personal information to convince Alight Solutions to update contact details on Paula Disberry's 401(k) account.
- Alight did not notify Disberry of the changes and issued a temporary password by mail, allowing the thief to request a full payout.
- The Government Accountability Office urged the Department of Labor to issue new guidance on retirement plan data security after multiple ERISA lawsuits were filed.
- Retirement accounts lack the consumer fraud protections that apply to credit cards, making recovery from theft more difficult.
- The case was settled out of court, with no ruling on whether Alight was required to restore the stolen funds.
Opening excerpt (first ~120 words)
How a stolen 401(k) shows why retirement accounts need stronger alerts, MFA and early fraud detection
By Kurt Knutsson, CyberGuy Report, Fox News. Published May 17, 2026 7:05am EDT
An impostor phoned Alight Solutions, the recordkeeper for Colgate-Palmolive's 401(k) plan, and identified herself as a Colgate employee. She asked to update the contact information on an account.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Fox News.