For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter.
American Trust Notifies Participants of Data Breach
The recordkeeper reported that participant information was exposed in August 2024 due to suspicious email activity.
The American Trust Co. alerted retirement plan participants early this month about a data breach that occurred in August 2024.
According to a notice on the Maine attorney general’s website, American Trust became aware on August 13 of suspicious activity within its “email environment.”
The firm filed notices about the breach with officials in at least four states, including Maine, California, Massachusetts and Texas. The breach exposed the data of 886 participants in Texas, 338 in Massachusetts and 54 in Maine. The California attorney general’s website does not reveal the number of individuals exposed.
Information that was exposed includes Social Security numbers, medical information and financial accounts, according to the Texas and Massachusetts notifications.
Across its entire business, American Trust works with more than 425,000 retirement plans, covering more than 7 million participants. It recordkeeps more than $550 billion in assets, according to its website.
In response to the breach, the recordkeeping firm began an investigation and found that certain emails may have been copied without authorization between August 8 and August 13. The firm conducted a comprehensive review of the relevant emails and on December 5 determined that personal information related to some participants was contained in the emails.
American Trust began notifying participants starting on January 2.
Law firm Migliaccio & Rathod LLP, which specializes in data breach class action lawsuits, announced on Tuesday that it is investigating the incident.
American Trust advised the affected individuals to review their account statements and monitor their free credit reports for suspicious activity and to detect errors. The firm is also providing affected participants free identity protection services from Experian.
When asked for comment, a spokesperson at American Trust referred to the firm’s press release and said the company has notified all affected individuals and relevant authorities about the issue.
The most recent prior known data breach incident impacting retirement plan participants involved Fidelity Investments and participants in the University of California Retirement Savings Program this past October.