Fidelity Cyber-Fraud Incident Highlights Urgent Need for Vigilance
A recent cyber-fraud incident at the University of California's retirement savings program, administered by Fidelity Investments, underscores the ongoing threat that cybercriminals pose to retirement systems.
University retirement savings participants were informed on Oct. 15 that fraudulent activity had been reported on their accounts. According to the Retirement Program Services division of the UC Office of the President, 120 Fidelity Investments accounts are affected.
According to a copy of the letter that went out to those impacted by the fraudulent activity, "Fidelity will reimburse any losses from unauthorized account activity, provided the activity was not due to" the account holder's actions.
Fidelity is a Boston-based multinational financial services company listed as one of the largest asset managers in the world, with $14.1 trillion in assets under administration and $5.5 trillion under management.
This incident, which occurred during Cybersecurity Awareness Month, is a critical reminder for public employee pension systems to proactively protect their data. TEXPERS has partnered with the National Cybersecurity Alliance (NCA) and urges systems to stay informed on best practices to defend against phishing, credential theft, and other attacks.
Key Actions for Pension Systems to Take, According to the NCA:
- Use Strong Passwords and a Password Manager: Encourage using long, complex passwords that combine letters, numbers, and symbols. A password manager can help securely store and generate strong passwords.
- Turn On Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it more difficult for unauthorized individuals to access accounts.
- Recognize and Report Phishing: Train employees and members to immediately recognize phishing attempts and report suspicious emails or activity.
- Update Software Regularly: Ensure that all systems and software are updated with the latest security patches to defend against known vulnerabilities.
TEXPERS' Role in Cybersecurity Awareness
As a NCA Champion of Cybersecurity Awareness, TEXPERS is taking action to help its members avoid cyber fraud. TEXPERS is hosting a special webinar for system members at 10 a.m. CT on Oct. 29, conducted by Lisa Plaggemier, Executive Director of NCA.
The webinar will dive into the NCA's Cybersecurity Attitudes and Behaviors Report and provide practical tips for pension systems to protect themselves from phishing and other cyber threats. Participants will earn one Continuing Education (CE) hour, which is essential for trustees and administrators to meet state-mandated training requirements.
Register for the Webinar:
Stay Secure, Stay Vigilant
TEXPERS is committed to supporting our members and stakeholders in safeguarding sensitive data. Throughout October, we'll share more resources to help public pension system leaders, investment professionals, and vendors protect their digital environments from phishing and other cyber risks.
Together, we can Secure Our World—and protect the futures of the public employees we serve.
About the Author:Allen Jones is the director of communications and event marketing for TEXPERS. He joined the Association in 2017. Before TEXPERS, he worked in the news media industry, producing content for newspapers, magazines, and online publications and leading newsrooms as an editor and publications manager. [email protected]