MONTH-IN-BRIEF (Jun 2020)
Law Firm Faces Counterclaim in ERISA Case due to Work from Home and Personal Email Policies
By Jessica Poggi, Duke University School of Law
A Pennsylvania law firm is facing a claim that its lax security procedures contributed to the theft of $400,000 worth of 401(k) funds from the firm’s retirement accounts. Leventhal v. MandMarblestone, Grp., C.A. No. 18-cv-2727 (E.D. Pa. May. 27, 2020). According to the pleadings, criminals were able to gain access to the funds by obtaining a copy of an employee’s withdrawal receipt. The criminals then used the information to remove the entirety of the funds in the employee’s account.
The firm, Leventhal Sutton & Gornstein, sued the third-party administrator of the account, alleging that the administrator breached its fiduciary duty by allowing the criminals to access the funds. The administrator then filed a counterclaim against the firm, asserting that by allowing employees to work from home and use their personal emails for business, the firm created a cyber-security risk. The administrator further alleges that the risk constitutes a breach of the firm’s duty as a co-fiduciary under the Employee Retirement Income Security Act. U.S. District Judge Mitchell S. Goldberg allowed the counterclaim to move forward, noting that ERISA allows for claims of contribution and indemnity.