Fidelity Investments recently confirmed a significant data breach that exposed the sensitive personal information of more than 77,000 customers. The breach, which occurred between August 17 and August 19, has raised concerns about the security of customer data at one of the world’s largest asset management firms.
Details of the Breach: What Happened?
According to regulatory filings submitted to the attorney generals of Maine, New Hampshire, and Massachusetts, the breach allowed unauthorised access to customer data, including Social Security numbers and driver’s licenses. The incident occurred when an external party exploited vulnerabilities associated with two newly created accounts. However, the exact method by which this access was gained remains unclear.
In addition to this, a secondary breach was reported, revealing that another set of unauthorised actors accessed an internal database containing document images related to customers. Though this breach did not directly affect customer accounts or financial data, it highlights further vulnerabilities within Fidelity's systems.
The Response: Swift Action and Support
Fidelity has acted swiftly in response to the breach. External security experts were called in to assist in investigating the cause of the breach, and the company has since closed the security gap that was exploited. The company has confirmed that no customer accounts or funds were directly impacted, though the breach involved sensitive personal data.
To support those affected, Fidelity is offering credit monitoring and identity restoration services. These measures are intended to mitigate the risks of identity theft or fraudulent activity that could arise from the compromised information.
Wider Implications and Unrelated Incident
This data breach follows a separate, unrelated ransomware attack on Infosys McCamish Systems, an IT partner of Fidelity, earlier this year. Though unrelated, these incidents have raised concerns about the overall cybersecurity infrastructure at Fidelity and its partners.
As one of the world’s largest asset managers, Fidelity oversees customer assets totalling $14.1 trillion as of June 2024 and has more than 51.5 million individual investors. With such a large customer base, any breach in security is bound to raise questions about the strength of protections in place for customer data.
Fidelity Investments suffered a data breach that exposed the sensitive personal information of over 77,000 customers, including Social Security numbers and driver’s licenses. The breach, which occurred between August 17 and 19, resulted from the exploitation of vulnerabilities in newly created accounts. Fidelity has since taken steps to address the issue and is offering support services to affected customers.
Weiliang
Brian
Anais
Alex
Miyuki
Weatherly