Colgate-Palmolive Retirement Account Colgate-Palmolive 401(k) Theft Lawsuit, One Phone Call Wiped Out $751,430 in Retirement Savings

Colgate-Palmolive is at the center of a landmark ERISA lawsuit after a fraudster drained the entire 401(k) balance of former employee Paula Disberry — $751,430.53 — in a single unauthorized distribution, without her knowledge or consent. The case, Disberry v. Employee Relations Committee of the Colgate-Palmolive Company, Case No. 22-CV-5778, was filed in the U.S. District Court for the Southern District of New York. It reached a tentative settlement in September 2024 on undisclosed terms. This case is now a national warning sign for every American with a 401(k).

Quick Facts: The Colgate-Palmolive 401(k) Theft Case

Field	Detail
Case Name	Disberry v. Employee Relations Committee of the Colgate-Palmolive Company
Case Number	22-CV-5778
Court	U.S. District Court, Southern District of New York
Judge	Hon. Colleen McMahon
Law Alleged Violated	Employee Retirement Income Security Act (ERISA) — breach of fiduciary duty
Defendants	Colgate-Palmolive Employee Relations Committee; Alight Solutions (recordkeeper); BNY Mellon (custodian — later dismissed)
Amount Stolen	$751,430.53
Lawsuit Filed	July 7, 2022
Settlement Status	Settled September 2024 — terms undisclosed
Last Updated	May 17, 2026

How a Fraudster Stole $751,430 from a Colgate-Palmolive 401(k)

Paula Disberry worked for Colgate-Palmolive from 1993 to 2004 and left her retirement savings in the company plan when she moved abroad. By early 2020, her account held over $750,000.

On January 29, 2020, an unauthorized person called Alight Solutions’ Benefits Information Center, claimed to be Disberry, and asked to update her contact information. To clear security, the caller provided Disberry’s name, the last four digits of her Social Security number, her date of birth, and her mailing address. That was enough.

Alight then sent a temporary PIN by mail to Disberry’s address in South Africa. The lawsuit alleges that an unauthorized person intercepted that mail and stole the PIN. From there, the thief had everything they needed.

On February 24, 2020, the fraudster called back, used the stolen PIN to create a permanent PIN, and changed Disberry’s phone number, email address, user ID, and password. On March 17, 2020, the fraudster logged in and requested a full payout of the account — sending the money to a Las Vegas address.

A check for $601,144.42 — the gross amount less mandatory tax withholdings — was mailed to the Las Vegas address and deposited at a Bank of America branch there.

Disberry discovered the theft on September 14, 2020, when she tried to log into her account. By then, the money was gone. Colgate’s plan administrator denied her claim for restoration, stating the distribution had followed plan procedures.

The case became one of the most closely watched ERISA fiduciary duty lawsuits in the country — because the plan’s own recordkeeper let it happen.

Related article: Volvo Recalls 413,000+ Cars for Backup Camera Failures and the Class Action That Could Get Dismissed Before It Starts

What Made This 401(k) Theft So Easy to Pull Off

This wasn’t a sophisticated hack. No one broke into a server or bypassed encryption. The thief made a phone call.

Disberry’s attorneys argued that Alight “ignored multiple red flags” throughout the fraud, and that Alight was “aware of its vulnerabilities given its history of multiple thefts from retirement plans that used its services.”

The lawsuit also noted that Disberry’s defined benefit plan — which was not administered by Alight — had stronger security. That plan required proof of photo identification before any distribution. The 401(k) plan did not.

That single difference may have cost Paula Disberry her entire retirement.

Judge McMahon declined to dismiss Alight from the case, noting that Alight “is specifically alleged to have violated its own protocols by not waiting two weeks after making an address change before processing a distribution request.”

This case goes to the heart of a consumer rights problem hiding in plain sight: your 401(k) may have weaker fraud protections than your credit card. If you are a current or former employee with money sitting in a company retirement plan, the Disberry case is directly relevant to you. For a broader look at how retirement plan lawsuits are playing out in 2026, see our guide to Chase class action lawsuits targeting ERISA violations.

Are You Part of the Colgate-Palmolive 401(k) Lawsuit?

This specific case — Disberry v. Colgate-Palmolive — was filed as an individual ERISA lawsuit, not a class action. The settlement terms are confidential. There is no open claim form and no public settlement fund to apply to.

However, this case matters to you if any of the following apply:

• You may be similarly affected if you are a current or former employee of any company that uses Alight Solutions as its 401(k) recordkeeper
• You may be similarly affected if you have a 401(k) account you have not logged into recently or monitored for changes
• You may be similarly affected if your retirement plan does not require photo ID or two-factor authentication for distributions
• You may NOT be directly part of this case if you are a Colgate-Palmolive employee — this case was individual, not a class action

Alight Solutions has faced other theft-related lawsuits as well. Heide Bartnett, a former Abbott Laboratories employee, sued Alight over a separate $245,000 unauthorized 401(k) distribution. The pattern matters.

The Government Is Now Paying Attention to 401(k) Theft

The Disberry case did not stay inside a courtroom. It triggered a government response.

In February 2026, the Government Accountability Office recommended that the U.S. Department of Labor issue new guidance on retirement plan participant data privacy. The GAO cited eleven separate ERISA lawsuits filed between 2009 and 2024 in making its recommendation.

When account takeover hits a 401(k), the consumer protections that govern credit card fraud do not apply. That is the core problem. Credit card theft carries federal protections under the Fair Credit Billing Act. Retirement account theft falls under ERISA — and ERISA’s fraud protections are far less clear.

The FBI’s April 2026 Internet Crime Report found that Americans 60 and older lost $7.7 billion to internet crime in 2025, a 59% jump from the prior year, with investment fraud accounting for $3.5 billion of those losses.

Your retirement savings are not protected the same way your bank account is. That is the real story here.

What You Should Do Right Now to Protect Your 401(k)

You cannot file a claim in the Disberry case. But you can take steps today to make sure what happened to Paula Disberry does not happen to you.

1. Log into your 401(k) account today. Disberry went months without checking. If you have not logged in recently, do it now and verify your contact information is accurate.
2. Enable every available security alert. Turn on email and text notifications for any account change — address, phone number, beneficiary, or distribution request.
3. Set up multi-factor authentication on your plan’s recordkeeper portal if it is available. A password alone is not enough.
4. Check who manages your plan. If your employer uses Alight Solutions, contact your HR department and ask what fraud prevention controls are in place for distributions.
5. Save your records. Keep statements, account snapshots, and any communications from your plan administrator. If fraud occurs, documentation matters.
6. Contact a consumer rights lawyer if you discover unauthorized changes to your retirement account — act immediately. ERISA has strict time limits for filing claims.

If your employer’s retirement plan denied a legitimate claim for restored funds after unauthorized activity, you may have grounds to pursue compensation for damages under ERISA. Consulting a class action lawsuit attorney or an ERISA specialist is the right first step.

For more information on how to respond when you receive official notice about a settlement or legal matter affecting your accounts, see our guide on understanding legal notice of class action settlements.

Colgate-Palmolive 401(k) Lawsuit Timeline

Milestone	Date
Fraud occurs — fraudster drains Disberry’s account	January–March 2020
Disberry discovers theft	September 14, 2020
Plan administrator denies Disberry’s claim for restoration	April 17, 2022
ERISA lawsuit filed in SDNY	July 7, 2022
Judge McMahon denies motions to dismiss (Alight and Colgate committee remain)	December 2022
BNY Mellon dismissed from case	December 2022
Motion for summary judgment filed by Disberry’s attorneys	November 2023
Case settled on confidential terms	September 2024
GAO recommends DOL issue new retirement plan data privacy guidance	February 2026

Frequently Asked Questions

Is there still a class action lawsuit against Colgate-Palmolive for 401(k) theft?

No. The Disberry v. Colgate-Palmolive case was filed as an individual ERISA lawsuit, not a class action. It settled in September 2024 on undisclosed terms in the U.S. District Court for the Southern District of New York. No open claim form exists.

Do I need to do anything right now if I have a Colgate-Palmolive 401(k)?

There is no claim form to file for this specific case. What you should do is log into your account, verify all contact information is accurate, and turn on every available account-change alert through your plan’s recordkeeper portal.

How did the fraudster bypass 401(k) security in this case?

The fraudster called Alight’s Benefits Information Center and provided Disberry’s name, last four digits of her Social Security number, date of birth, and mailing address — all of which were enough to pass the call center’s identity check. No password or photo ID was required.

Can I join a class action lawsuit against Alight Solutions for 401(k) theft?

No public class action against Alight Solutions is currently certified for 401(k) theft. If you experienced unauthorized activity in a retirement plan administered by Alight, consult a consumer rights lawyer or ERISA attorney who can review your individual situation.

When will I find out if a class action against 401(k) recordkeepers is filed?

Monitor the U.S. Department of Labor website at dol.gov and the GAO at gao.gov for updates following the February 2026 guidance recommendation. If a new class action is filed, AllAboutLawyer.com will cover it.

Does ERISA protect me if my 401(k) is stolen?

ERISA requires plan fiduciaries to act prudently and in participants’ best interests — including protecting plan assets from foreseeable fraud. However, the consumer protections that apply to credit card fraud do not automatically apply to 401(k) theft. Recovery depends on whether your plan fiduciaries breached their duties under ERISA, which requires legal analysis of the specific facts.

How much did Alight pay to settle the Disberry case?

The settlement terms were not disclosed publicly. Judge Colleen McMahon signed the dismissal order in September 2024, noting the case could be reopened if the settlement was not finalized, but the court did not publish settlement terms.

Sources & References

• Disberry v. Employee Relations Committee of the Colgate-Palmolive Company, Case No. 22-CV-5778, U.S. District Court for the Southern District of New York — court docket via PACER
• U.S. Government Accountability Office, Retirement Plans: Department of Labor Guidance Could Mitigate Privacy Risks for Participants, GAO-26-107271, February 26, 2026 — gao.gov
• U.S. Department of Labor, ERISA Enforcement — dol.gov

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding your particular situation, consult a qualified ERISA attorney.

Prepared by the AllAboutLawyer.com Editorial Team and reviewed for factual accuracy against official court records and U.S. Government Accountability Office published reports. Last Updated: May 17, 2026.