Protect Your 401(k) from Identity Theft: How Scammers Target Retirement Savings (2026)

The 401(k) account takeover case of Paula Disberry is a chilling reminder of the vulnerabilities in our financial systems. It highlights how a simple phone call, combined with weak account-change safeguards, can drain retirement savings. In this article, I will delve into the details of this case, explore the broader implications, and offer insights into how individuals can protect their 401(k) accounts and retirement savings from potential threats.

The Disberry case began when an impostor called Alight Solutions, the recordkeeper for Colgate-Palmolive's 401(k) plan, and identified herself as a Colgate employee. She asked to update the contact information on an account. Months later, the entire $751,430 balance had been sent to a Las Vegas address and bank account. The real account holder, Paula Disberry, was living in South Africa.

This incident underscores the importance of robust identity verification processes and the need for recordkeepers to send alerts for major account changes. In my opinion, the fact that the impostor was able to bypass the login portal and change the contact information without triggering any alerts is deeply concerning. It raises a deeper question about the effectiveness of current security measures and the potential for similar incidents to occur in the future.

The problem extends beyond 401(k) accounts. The FBI's April 2026 Internet Crime Report found that Americans 60 and older lost $7.7 billion to internet crime in 2025, a 59% jump from the year before. Investment fraud accounted for $3.5 billion of those losses, making retirement-age savers a major target for online criminals.

What makes this particularly fascinating is that the consumer protections that govern credit card fraud do not apply to 401(k) account takeovers. This means that individuals are left vulnerable to potential threats without the same level of protection as they would have with credit card fraud.

Account takeovers begin with information someone already has.
Names, dates of birth, partial SSNs, and email addresses appear in dark web breach dumps, often combined with leaked passwords from unrelated services. When the account holder reuses a password across accounts, hackers can test that breach data directly against the recordkeeper's login portal.

Disberry's takeover bypassed the login portal entirely. The impostor never logged in to Disberry's account directly. She called Alight's call center, used what she already knew about Disberry to clear identity verification, and had the contact information changed. After that, the temporary password Alight mailed went somewhere only the impostor could intercept.

Some thieves skip the recordkeeper and go straight for the account holder. The New York Times documented the case of Barry Heitin, a 76-year-old retired lawyer, who lost $740,000 in 2024 after receiving a call from someone claiming to be a federal fraud investigator. The caller convinced Heitin that his retirement accounts were under attack and walked him through transferring the money out himself. He believed he was helping a federal investigation.

Federal protections for retirement account theft are limited, but several account-level controls cost nothing and may make takeovers harder.

Turn on multi-factor authentication on the recordkeeper portal. A stolen password is far less useful when a one-time code is required.

Enable every account-change alert. Email and text alerts for password resets, contact information updates, address changes, and bank account changes are the earliest signals that someone else has access to your account.

Ask your plan administrator about distribution holds. Some plans impose a waiting period between an address change and any distribution. Get the policy in writing and confirm what triggers the hold.

Review statements quarterly. A new bank account or a change in contact information shows up faster on a quarterly review than on an annual one.

Get an IRS Identity Protection PIN.
The six-digit PIN, available at irs.gov/ippin, blocks fraudulent tax returns filed using your SSN.

Freeze your credit at all three bureaus. A freeze blocks new accounts from being opened in your name. Equifax, Experian, and TransUnion have offered free freezes since September 2018.

Multi-factor authentication, account-change alerts, credit freezes, and regular statement reviews can help protect your 401(k) before thieves strike. A strong identity theft monitoring service can add another layer of protection by watching for suspicious activity beyond the retirement plan portal. Some services let you link bank, credit card, and investment accounts so you can receive alerts when unfamiliar transactions appear. In a retirement account takeover, that could help flag suspicious money movement even if the recordkeeper misses the outgoing transfer.

Many identity theft monitoring services also watch for changes across your credit reports, scan the dark web for exposed personal information, and search data broker or people-search sites for your details. Some monitoring plans also include fraud resolution support and identity theft insurance for eligible recovery costs.

If you are unsure whether criminals have already exposed your information, take action now. Start with a free identity breach scan to see whether your data appears in known leaks. Early detection gives you more control and helps you respond before fraud spreads. You can also check whether your personal information is already being used for identity theft, fraud, or appearing on the dark web.

In my opinion, the fact that retirement accounts can be targeted in this way is deeply concerning. It highlights the need for stronger security measures and the importance of individuals taking proactive steps to protect their financial assets. The earlier you spot suspicious activity, the better your chances of stopping the damage before it becomes a financial nightmare.
In conclusion, the 401(k) account takeover case of Paula Disberry serves as a stark reminder of the vulnerabilities in our financial systems. It underscores the importance of robust identity verification processes, the need for stronger alerts, and the importance of individuals taking proactive steps to protect their retirement savings. By implementing the account-level controls mentioned above and utilizing identity theft monitoring services, individuals can take control of their financial security and safeguard their retirement savings from potential threats.
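
The distribution hold and account-change alerts described above can be expressed as a recordkeeper-side check; the sketch below is an added example, not code from the article or from any recordkeeper. The 30-day window, the 90% threshold, the event names and the "confirmed" flag are assumptions, and the rule goes one step beyond the time-based hold in the text by also holding on older changes the account holder never confirmed.

```python
from datetime import date, timedelta

# Assumed policy values for illustration, not any real plan's rules.
HOLD_DAYS = 30
DRAIN_RATIO = 0.9
SENSITIVE = {"address_change", "phone_change", "email_change",
             "bank_account_change", "password_reset"}

def review_distribution(events, request, hold_days=HOLD_DAYS):
    """Return (decision, reasons) for one distribution request.

    events:  dicts with date, type, channel and confirmed (True once the
             holder acknowledged the change via pre-change contact details)
    request: dict with date, amount and balance
    """
    window_start = request["date"] - timedelta(days=hold_days)
    reasons = []
    for e in events:
        if e["type"] not in SENSITIVE or e["date"] > request["date"]:
            continue
        label = f'{e["type"]} via {e["channel"]} on {e["date"]}'
        if e["date"] >= window_start:
            reasons.append(f"inside {hold_days}-day hold: {label}")
        elif not e["confirmed"]:
            # Waiting out the window must not clear a change that the
            # holder never confirmed through the old contact details.
            reasons.append(f"never confirmed by holder: {label}")
    if reasons and request["amount"] >= DRAIN_RATIO * request["balance"]:
        reasons.append("request drains most of the balance")
    return ("hold" if reasons else "release"), reasons

def ev(day, kind, channel, confirmed):
    return {"date": day, "type": kind, "channel": channel, "confirmed": confirmed}

# Constructed timelines (hypothetical dates and amounts, not case data).
TAKEOVER = [
    ev(date(2025, 1, 10), "phone_change", "call_center", False),
    ev(date(2025, 1, 10), "address_change", "call_center", False),
    ev(date(2025, 2, 3), "password_reset", "mail", False),
    ev(date(2025, 3, 1), "bank_account_change", "portal", False),
]
ROUTINE = [ev(date(2024, 6, 1), "address_change", "portal", True)]
REQUEST = {"date": date(2025, 5, 20), "amount": 100_000, "balance": 100_000}

if __name__ == "__main__":
    for name, log in (("takeover", TAKEOVER), ("routine", ROUTINE)):
        decision, why = review_distribution(log, REQUEST)
        print(name, "->", decision)
        for reason in why:
            print("   ", reason)
```

When you ask a plan administrator what triggers a hold, the second branch is the point to press on: a hold that only counts days lets a months-old, unconfirmed contact change pass.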


Author: Neely Ledner
