More than 1,800 participants in Walmart’s 401(k) retirement plan were affected by a data breach that leaked their names and Social Security numbers, according to a notification that Bank of America filed with the Maine attorney general's office on May 23.
The filing disclosed that an employee of Merrill Lynch, the plan’s record keeper and the investment and wealth management arm of Bank of America, inadvertently disclosed personal information to an unauthorized recipient via an isolated email error on April 16.
Merrill became aware of the incident April 22, the filing said.
The Bentonville, Ark.-based 401(k) plan had $36.7 billion in assets as of Jan. 31, 2023, the most recent data available.
In a letter to affected customers, Merrill confirmed that the errant email had been deleted and that it was not aware of any misuse of their personal information. It also provided customers with a complimentary two-year membership in an identity-theft protection service provided by Experian IdentityWorks.
A Bank of America spokesman declined to comment beyond what was in the regulatory filing.
“Given all that we say in the disclosure to Maine and the client letter, I don’t think we have anything to add,” the spokesman said
Walmart did not immediately respond to a request for comment.
The breach follows a hack at J.P Morgan Chase Bank that exposed the records of more than 451,000 retirement plan participants. The breach was disclosed April 29.
