Fidelity 401(k) Breach: A Stark Reminder to Secure Your Accounts Today

Current Events
Written By Bryan Hancock, MBA, CFP®

Understanding the Fidelity 401(k) Breach

Lock on computer keyboard signifying cybersecurity

November 8, 2024- You may have read in the news recently about the data breach that Fidelity Investments announced regarding 401(k) plans. It appears this hack resulted in some retirement accounts being emptied due to weaknesses in Fidelity’s call center procedures. We understand that Fidelity has made affected investors whole. As information continues to grow quicker and easier to exchange online, it becomes ever more necessary to secure accounts against unauthorized access by cyberthieves.

The Importance of Online Account Security

This event is a good reminder to do everything we can to secure our accounts even though it was caused by Fidelity. In the Internet age, there are several steps we should all be taking regarding any online account. Hackers know that many people do not have basic protections in place regarding their online access. It is my belief that often a hack occurs when a bad actor nefariously obtains login credentials of someone’s online account or email account, especially if these accounts do not have multi-factor authentication established.

How to Create a Strong Password for Any Online Account

At a minimum, we encourage taking a thoughtful approach to creating a password convention that is specific to you and easy to remember. Most commonly someone will use information from their past to create passwords. However, that can be easily discoverable by hackers, and it might benefit you to create imaginary information about yourself. Here is one way to create a password convention; you will need:

  • A place you would like to travel to (for example, Italy).

  • An imaginary date, several months away, that you “plan” to travel (for example, June 2025).

  • A number one through five (such as four).

  • A special character (for websites that require this, such as “%”).

  • The name of the leader of your destination (Sergio Mattarella).

Next, create a password from the example information above using the first three letters of the location in all caps (ITA), four numbers for the date (0625), the fourth letter from the website you are visiting in lowercase (z, if logging into Amazon), your special character, and four more letters representing your destination leader’s last name (Matt). In this scenario, your password to access Amazon would be ITA0625z%Matt. Once June 2025 arrives, you have a trigger to change the password by changing the date and location.

As your password convention should be unique to you, it is important not to copy this one, but to create your own, write it down, store it in a place that is hard to find (some use password manager technology), and tell someone you trust where it is. For dual-factor authentication, some websites use challenge questions. If this is the case, you should consider using imaginary answers (and remember them). Thieves can find information online such as where you were born or went to high school or your mother’s maiden name.

Of all your passwords, the most important one is the password that accesses your email account because most website passwords can be reset through your email. If someone has access to your email account, it provides the keys for most other access.

How Multi-Factor Authentication Enhances Security on Connected Accounts

In the Internet age, thieves are less likely to take your money by breaking into your house. Instead, they might do so by hacking your username and password, especially if you use the same password for multiple websites. Setting up multi-factor authentication (“MFA”) greatly reduces the possibility of this happening to you because it adds an extra layer of security to your online accounts by requiring additional verification beyond just your password. This could be a code sent to your phone or an authentication app. By adding this second step, it becomes much harder for hackers to access your accounts, even if they have your password.

Taking Actionable Steps to Safeguard Your Online Accounts

The Fidelity 401(k) breach serves as a crucial reminder of the importance of securing online accounts. By taking proactive steps like updating passwords, enabling multi-factor authentication, and staying informed, you can significantly reduce your risk of being a target for cybercriminals. Start today by securing your online accounts and continue to apply these security practices across all your online activities, especially you email password.

Of course, none of this work if you give out this information. We believe that most people who are hacked, especially seniors, are victims of “social engineering.” That means a hacker obtains credentials by posing to be someone else (“Hello, this is your bank’s Fraud Department, and we are calling about an unauthorized charge.”) Be careful to only communicate with people you personally know about your information.

  • Information presented is for educational purposes only and is not personalized investment, financial, legal, tax, or accounting advice. Nothing on this website should be interpreted to state or imply that past performance is an indication of future performance. All investments involve risk and unless otherwise stated are not guaranteed. Be sure to consult with tax, legal, accounting, and financial professionals about your specific situation before implementing any planning strategies. Investment Advisory Services offered through Timberchase Financial, LLC, a Registered Investment Adviser with the U.S. Securities & Exchange Commission. Registration does not imply a certain level of skill or training.

Bryan Hancock, MBA, CFP®
Next

Elections & the Stock Market