Fraudulent Activity

You may have received the email below from Fidelity concerning fraudulent activity - unspecified* - regarding the tax-favored savings accounts UC offers. If not, the text is below:

Dear UC Retirement Savings Program Participant, 

We want to make you aware that a limited number of UC Retirement Savings Program (RSP) accounts administered by Fidelity were affected by fraudulent activity in October 2024. Fidelity identified the issues involved, addressed any vulnerabilities, took immediate steps to protect affected accounts and restored unauthorized transactions. 

Your UC RSP account(s) were not affected. However, we want to take this opportunity to remind you of our Fidelity Customer Protection Guarantee and steps you can take to help protect your account(s).

The Fidelity Customer Protection Guarantee

Under Fidelity’s Customer Protection Guarantee, Fidelity reimburses any losses from unauthorized account activity, provided the activity was not due to a plan participant’s own actions. We understand that these kinds of situations can be concerning, and we want to reassure you that our team is here to support you.

Steps to help protect your account(s)

As part of our ongoing commitment to your account security, below are tips and resources to help you protect your UC RSP and Fidelity account information. If you haven’t done so already, please consider taking the following steps as soon as possible: 

1. Review your UC workplace account(s) (www.netbenefits.com) and personal Fidelity retail account(s) (www.fidelity.com), if applicable, regularly. Ensure your contact information and financial statements are accurate, including transaction history, bank, and tax information. Pay close attention to your profile information, especially mobile numbers and emails associated with multi-factor authentication (MFA) and account alerts.

Scan or Click the QR code to view Fidelity’s security checklist and safety resources, including top five account security recommendations, and more.

2. Pay close attention to account change alerts. Fidelity will notify you of any accounts opened on your behalf, as well as profile changes.

3. Report any concerning issues to Fidelity. If you notice any recent unusual activity or unauthorized changes, contact Fidelity immediately at 1-866-682-7787.

4. Take advantage of UC’s information security resources. UC offers services to assist you in managing cybersecurity risk, including multi-factor authentication applications and resources for reporting potential phishing attacks. For more information about cybersecurity at UC, including best practices for keeping your digital information safe, visit security.ucop.edu.

5. Attend the “CyberWellness®: Personal Security Checklist” webinar on Thursday, December 19, 2024, at 11:00 a.m. PT, where you’ll learn actionable tips to secure your accounts, identity and devices. Register here.

Thank you for your attention to this matter. Your vigilance in detecting and alerting authorities to security issues is important. We will continue to work with UC officials to monitor threats to your accounts and strengthen measures to help discourage additional attacks.

Sincerely,

Fidelity Investments 

===

*Yours truly is told the fraud was effected by creation of phony Fidelity accounts for minors with the same Social Security numbers as those of UC employees (presumably obtained from the dark web). A flaw in the Fidelity security system allowed transfers of money from the legitimate accounts to the phony accounts. Apparently, the flaw has been corrected and those whose accounts were hacked were reimbursed.