Security Incident at Fidelity Compromises Details of More Than 77,000 Clients
During the month of August, data belonging to 77,099 customers of Fidelity Investments in Maine was unlawfully accessed by a threat actor, as disclosed by the financial institution in a breach notification dispatched to numerous clients on October 9.
The intruder did not tamper with any funds within Fidelity investment profiles. Nonetheless, the individual managed to retrieve personal details, such as Social Security numbers and driver’s licenses, and proceeded to setup two additional client profiles. As a response, Fidelity blocked the unauthorized access and extended impacted customers the option of credit monitoring and identity recovery assistance.
“The protection of your information and handling of this occurrence is of utmost importance to us,” stated the Fidelity Investments Private Office in a specimen notice tailored for residents in Maine. “Upon identifying this unauthorized activity, we promptly moved to terminate it and deal with the situation.”
Concerns Around Cyberattack Aspects Remain Unaddressed
Per Fidelity’s official communication concerning the data breach in Maine, the intrusion happened between August 17 and 19. At the moment, Fidelity has not disclosed the method through which the intruder gained entry or the particular characteristics of the new accounts that enabled navigation through the system.
“The data accessed by the external party pertained to only a small subset of our clients,” Fidelity remarked.
VIEW: Microsoft and Apple are releasing significant updates during the latest Patch Tuesday.
In addition to closing off the intruder’s pathway into the system, Fidelity enlisted the aid of external security specialists to contribute to the investigation. Fidelity stated that the response was swift. The company furnished credit monitoring and identity restoration services to promptly notify customers of any unfamiliar activities within their investment accounts.
This is not the first instance where Fidelity has faced cyber threats. Back in March, Fidelity made a public announcement confirming that client information was exposed during a ransomware attack. In that incident, hackers infiltrated Infosys McCamish Systems through its IT networks in November 2023. The recent October disclosure does not appear to be linked to that incident.
Practicing Caution with Accounts Containing Privileged Data
Advising clients to actively monitor their accounts for any fraudulent or questionable activities, Fidelity also directs them to guidelines on setting up a fraud alert or checking credit reports. The suggestions include:
- Regularly examine statements for all financial and related accounts.
- Keep a watch on your credit reports.
- Swiftly communicate any suspicious activity to your financial institution, local authorities, or the relevant state office.
Upon request for feedback, Fidelity corroborated the details outlined in the drafted breach notification.
“We understand that our clients might seek clarification on this incident and we have support channels in place to assist them,” affirmed Fidelity in a statement provided by Michael Aalto, the Corporate External Communications Head. “Fidelity upholds its commitment to customer service and safeguarding information with utmost dedication.”
About Author
