UK Pension Told to Assume 470,000 Members’ Info Accessed in Capita Hack

The Universities Superannuation Scheme had stored participants’ details on Capita’s Hartlink platform, yet states ‘USS member data … has not been compromised.’



Approximately 470,000 members of the Universities Superannuation Scheme, the U.K.’s largest private pension fund, may have had personal details accessed during a recent data breach at pension administrator Capita.

In early April, Capita announced it had “experienced a cyber incident” on March 31 that mainly affected access to internal applications. As a result of the breach, The Pensions Regulator, the U.K.’s watchdog for workplace pensions, sent letters to hundreds of pension plan trustees to inform them of risk to their plan’s data. The Information Commissioner’s Office—the U.K.’s independent body for upholding information rights—and The Financial Conduct Authority have also urged companies to find out if any data has been stolen.

The USS stated that although it could not be certain if information about its members had been accessed or copied by the hackers, Capita recommended that the pension fund work from the assumption that it was. 

According to the USS statement, it uses Capita’s technology platform Hartlink to support its in-house pension administration processes, and it has been working closely with the company during its forensic investigations. The pension fund announced that “it has been confirmed that USS member data held on Hartlink has not been compromised,” but that USS member details were held on the Capita servers accessed by the hackers.

Never miss a story — sign up for CIO newsletters to stay up-to-date on the latest institutional investment industry news.

The information potentially accessed includes the names, dates of birth, National Insurance numbers, USS member numbers, titles, initials and retirement dates of some 470,000 active, deferred and retired members, according to USS. The pension fund is waiting to receive specific data from Capita, which it will then have to check and process, and plans to write to all members affected and, where applicable, their employers.

“We are very sorry that some USS member data held by Capita may have been accessed by a third party,” USS Group CEO Bill Galvin said in a statement. “We are very confident members’ pensions remain secure.” 

The ICO said in a statement that affected organizations “should also consider their position and report data breaches where necessary.” Companies are required to notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms. However, if a firm decides a breach does not need to be reported, the ICO said it should keep its own record and be able to explain why it did not report the breach.


Related Stories:

UK Regulators Warn Pensions to Check Data After Capita Breach

SEC Settles Charges with Firm Over Failing to Report Hacking Attempts

UK’s Biggest Pension Fund Facing Lawsuit, Potential Strikes Over Benefit Cuts

Tags: , , , , , , , , , ,

SEC Charges Investment Firm for Fraudulent Coin Scam

Red Rock Secured allegedly tricked victims into selling off 401(k) assets to invest in coins at an exorbitant markup.



The SEC has charged a California-based investment firm and three of its executives for allegedly tricking hundreds of investors into selling off retirement account assets to buy gold and silver coins at exorbitant markups.

According to the SEC’s complaint, El Segundo, California-based Red Rock Secured LLC CEO Sean Kelly and two former senior account executives repeatedly solicited investors through “false and misleading statements.” They allegedly told investors that the best way to protect their nest eggs from stock market risk was to diversify by converting their securities into gold and silver coins. In particular, they talked them into buying coins sold by Red Rock, which they “misleadingly promoted as tangible assets that would always have value and typically increase in value,” the SEC complaint states.

Red Rock Secured allegedly targeted investors who held securities in retirement accounts, including the federal government employee Thrift Savings Plan, 401(k) accounts and individual retirement accounts.

“Defendants’ fraudulent scheme was designed to lure investors away from relatively liquid retirement account investments with well-defined and clearly-reported market values,” the complaint states. “Defendants solicited investors through numerous marketing materials, email campaigns, and telephone calls in which they made dire statements, some of which were false and misleading, warning that the investors’ existing securities holdings faced imminent and serious risk of losses.”

Never miss a story — sign up for CIO newsletters to stay up-to-date on the latest institutional investment industry news.

Firm representatives allegedly told investors they could buy gold or silver coins at a markup of only 1% to 5% above their cost for “common bullion” assets. However, according to the SEC, Red Rock did not disclose that the “premium” coins it was advising investors to purchase had a much higher markup: typically 120% to 130% greater than Red Rock’s cost to acquire the coins. The complaint alleges a transaction agreement the firm provided to clients contained misleading language that indicated it charged a maximum of 29% above its cost for “premium metals.”

The SEC alleges at least 700 clients sold more than $50 million worth of securities in their TSPs, IRAs and other retirement accounts to buy from Red Rock Secured the so-called premium coins “at Red Rock’s repeated urging and with its advice.” The firm allegedly pocketed more than $30 million of the funds investors paid for the “premium” coins.

“This upfront markup, or profit above Red Rock’s cost to acquire the coins, immediately put clients in a hole and significantly depleted the very retirement assets that Red Rock had advised clients to ‘protect,” the complaint states.

The SEC has charged Red Rock Secured, Kelly and senior account executives Anthony Spencer and Jeffrey Ward with violating the antifraud provisions of federal securities laws. The regulator is seeking permanent injunctions, disgorgement of allegedly ill-gotten gains plus interest and civil penalties, as well as an officer and director bar for Kelly.

“As our complaint alleges, the defendants used fear and lies to defraud investors out of millions of dollars from their hard-earned retirement savings,” Antonia Apps, director of the SEC’s New York regional office, said in a release. 

 

Related Stories:

SEC Charges Las Vegas Business Owner for Alleged Role in Defrauding Elderly Investors

Regulators Accuse Investment Firm of Preying on Elderly

FBI Arrests Head of Wealth Management Firm for Fraud

 

 

Tags: , , , , , , , , , ,

«