Fidelity Data Breach Exposes Personal Information of 77,000 People

• Fidelity Investments was hit by a cyberattack in August, which impacted the sensitive details of more than 77,000 individuals.
• The exposed personal information includes Social Security numbers and driver’s licenses.
• The company said the security incident did not affect direct customer accounts or involved funds.

Fidelity Investments, a leading global asset manager, has reported a significant security breach impacting 77,099 of its customers. The breach, occurring between August 17 and 19, led to unauthorized access to sensitive personal data, including Social Security numbers, financial accounts, and driver’s licenses.

In a submission to Maine’s attorney general, Fidelity disclosed that an unidentified third party exploited two newly created customer accounts to infiltrate its systems and assured customers that their investment accounts and funds were not compromised.

The breach also involved the submission of fraudulent requests to an internal database, allowing the retrieval of customer-related documents. This action came to light in a separate notice to New Hampshire’s attorney general, highlighting the breach's complexity and scope.

While Fidelity has acknowledged the data breach, specific details regarding how the two customer accounts facilitated unauthorized access to a broader customer base remain undisclosed. According to Fidelity spokesperson Michael Aalto, the breach did not impact direct customer accounts or involved funds.

Fidelity has over 51 million individual investors and approximately $14.1 trillion in total customer assets. The company offered 24 months of credit monitoring and identity theft restoration services through Transunion LLC.

For affected customers, the breach poses a risk of identity theft and other forms of financial fraud. Customers are advised to remain vigilant, monitor their credit reports, and report any suspicious activity to the relevant authorities.

In other recent news, Star Health and Allied Insurance Company confirmed a data breach following cybercriminals' claims that they disseminated customers' health records online via Telegram.