Oct. 24, 2024: This article has been updated with additional information and recommendations.
As originally shared here on Oct. 18 (and in a notification to locations on Oct. 15, 2024), a limited number of UC Retirement Savings Program accounts, administered by Fidelity Investments, have been the targets of separate incidents of fraudulent activity over the past few weeks. The Fidelity team has identified the issues involved and taken immediate steps to protect affected accounts.
In the next few weeks, Fidelity will contact all participants directly with an overview of what happened and what steps Fidelity is taking to enhance security. Under Fidelity’s Customer Protection Guarantee, Fidelity will reimburse any losses from unauthorized account activity, provided the activity was not due to an employee’s own actions.
Your vigilance in detecting and alerting authorities to security issues is vital and invaluable. If you have not yet done so, please take the following steps as soon as possible:
Review your Fidelity account(s) and report any potential issues.
Sign into any accounts you have with Fidelity — UC accounts at www.netbenefits.com and personal Fidelity retail accounts at www.fidelity.com — to ensure your information is accurate and up to date. Pay close attention to your profile information, especially mobile numbers and emails associated with multi-factor authentication (MFA) and account alerts. Fidelity will notify you of any profile changes.
If you notice any unusual activity or unauthorized changes to your account information, contact Fidelity immediately at 866-682-7787, Monday–Friday, 5 a.m.–9 p.m. PT.
Follow the steps in Fidelity’s security checklist and enhance your security with an authenticator app.
Fidelity’s checklist walks you through the tools and resources available to protect your account. A third-party authenticator app, which you may already use at your location, provides an extra layer of security.
If you’re not already using an authenticator app, here’s how to set it up:
- Download an authenticator app (such as Duo or Google Authenticator) from your mobile device’s app store.
- Log in to your account at www.NetBenefits.com or www.Fidelity.com, then go to Profile & Settings (person icon) and select Security Center.
- In the Multi-Factor Authentication at Login section, select Authenticator App.*
- Open the authenticator app and either scan the QR code or manually enter the secret key displayed.
- Enter the 6-digit code from the app on the Fidelity website and select Continue to complete your enrollment.
- When the pop-up confirms your enrollment, select Done.
- Make sure your device is not listed as a “trusted device,” otherwise the authentication won’t occur.
*On Netbenefits.com and Fidelity.com mobile apps, select General Settings > Authenticator app.
Take advantage of UC’s information security resources.
Your location offers a variety of services to assist you in managing cybersecurity risk, including multi-factor authentication applications and resources for reporting potential phishing attacks. Make sure you know and use the tools available to you, including UC’s cybersecurity training, required annually.
For more information about cybersecurity at UC, including best practices for keeping your digital information safe, visit security.ucop.edu.
In addition, UC provides a comprehensive identity protection program through Experian, paid for by UC, for UC employees, retirees and their dependent children up to age 18. Enrollment is automatic but you must set up your account to take advantage of all program features.