Introduction

Fidelity Investments recently experienced a data security breach affecting a subset of its customer base. This incident involved unauthorized access to sensitive personal information but did not compromise customers’ investment accounts or funds.

Description

Fidelity Investments has confirmed a data security incident affecting 77,099 customers [3] [4], during which an unauthorized third party accessed two fraudulent customer accounts and obtained private information [3] [5], including sensitive data such as Social Security numbers and driver’s licenses. The breach occurred between August 17 and August 19 [1] [2] [4] [5] [6] [8]. Fidelity detected it on August 19, terminated the unauthorized access immediately, and reported the incident to Maine’s attorney general. Importantly, the breach did not involve direct access to customers’ investment accounts or funds, and the compromised information represents a small subset of Fidelity’s total customer base of over 50 million individuals.

The attackers accessed documents related to Fidelity customers by submitting fraudulent requests to an internal database [7] [8]; the breach was limited to this specific database [7]. This incident marks Fidelity’s second data breach in 2023 [5], following a March breach that involved approximately 30,000 individuals and originated at its service provider [3] [5], Infosys McCamish (IMS) [1] [3] [5].

In response to the recent breach [3], Fidelity is providing 24 months of free credit monitoring and identity restoration services through TransUnion Interactive [3] [5]. Affected customers must use a code provided in a notification letter sent via USPS to activate this service. Fidelity encourages customers to change their passwords and closely monitor their financial statements and credit reports for any suspicious activity. Additionally, customers are advised to consider placing fraud alerts or freezing their credit to prevent unauthorized account openings. Fidelity manages approximately $14.1 trillion in total customer assets [8].

Conclusion

The recent data breach at Fidelity Investments underscores the ongoing challenges of data security in the financial sector. While the breach did not impact investment accounts or funds, the exposure of sensitive personal information necessitates vigilant monitoring and protective measures by affected customers. Fidelity’s response [8], including offering credit monitoring services, aims to mitigate potential impacts. This incident highlights the importance of robust security protocols and the need for continuous improvement to prevent future breaches.

References

[1] https://www.techrepublic.com/article/fidelity-data-breach-oct/
[2] https://mashable.com/article/fidelity-investments-data-breach-77000-customers
[3] https://www.darkreading.com/cyberattacks-data-breaches/fidelity-notifies-77k-customers-data-breach
[4] https://www.yahoo.com/tech/over-77-000-customers-personal-130049970.html
[5] https://www.isss.org.uk/news/fidelity-notifies-77k-customers-of-data-breach/
[6] https://www.aol.com/news/over-77-000-customers-personal-130049356.html
[7] https://www.zdnet.com/article/fidelity-breach-exposed-personal-data-of-77000-customers-what-to-do-if-youre-affected/
[8] https://techcrunch.com/2024/10/10/fidelity-says-data-breach-exposed-personal-data-of-77000-customers/