Inaya Mclaughlin
In August 2024, Fidelity Investments, a multinational financial services company, suffered a data breach that compromised the personal information of 77,099 customers. The breach was carried out by an unknown attacker who stole data using two recently established customer accounts. While no Fidelity accounts or funds were compromised, the exposed information included names, Social Security numbers, and driver's licenses. In response, Fidelity terminated the attacker's access, conducted an investigation, and offered those affected two years of free credit monitoring and identity restoration services.
| Characteristics | Values |
|---|---|
| Date of the breach | August 2024 |
| Number of customers affected | 77,099 |
| Type of information exposed | Names, Social Security numbers, driver's licenses, and other personal identifiers |
| Accounts compromised | Two recently established customer accounts |
| Company's response | Terminated access immediately, offered two years of free credit monitoring and identity restoration services |
| Recommended actions for affected customers | Regularly review statements, monitor credit reports, report suspicious activity |
What You'll Learn
A data breach exposed personal data of 77,000 customers
Fidelity Investments, a multinational financial services company based in Boston, has disclosed a data breach that exposed the personal information of 77,099 customers. The breach occurred in August 2024 when an unknown attacker stole data using two recently established customer accounts.
Fidelity stated that they detected the breach on 19 August and promptly terminated the attacker's access and launched an investigation with the help of external security experts. In a letter to those affected, the company confirmed that the incident did not involve any access to customers' Fidelity accounts or funds. However, it did result in the exposure of customers' personal information, including names, Social Security numbers, and driver's licenses.
Fidelity has not revealed further details about the specific data accessed by the attackers or how the creation of two customer accounts allowed access to thousands of other customers' data. When asked, Fidelity's head of external corporate communications, Michael Aalto, stated that they could not share that information at the time.
In response to the breach, Fidelity is offering those affected two years of free TransUnion credit monitoring and identity restoration services. The company has also advised customers to remain vigilant for fraudulent activity or identity theft by regularly reviewing their statements and credit reports and promptly reporting any suspicious activity to the appropriate authorities.
This incident marks the second data breach for Fidelity Investments in 12 months and highlights the ongoing challenges faced by companies in protecting sensitive customer information from cyberattacks.
Best-Performing Investment Funds: Strategies for Success
You may want to see also
No Fidelity accounts were compromised
In August 2024, Fidelity Investments, a multinational financial services company, suffered a data breach that exposed the personal information of 77,099 customers. This included names, Social Security numbers, and driver's licenses. The breach was carried out by an unknown attacker who gained access to customer information by using two recently established customer accounts.
Fidelity detected the breach on August 19 and promptly terminated the attacker's access. The company also launched an investigation with the help of external security experts. While personal information was exposed, no Fidelity accounts were compromised in the breach. This was confirmed by Fidelity in a letter sent to those affected, as well as in statements to the media.
In the wake of the incident, Fidelity offered those affected two years of free TransUnion credit monitoring and identity restoration services. The company also advised customers to remain vigilant for fraudulent activity or identity theft by regularly reviewing their statements and monitoring their credit reports.
While the breach did not result in any account compromises, it raised questions about the security measures in place at Fidelity. The company's cybersecurity infrastructure has come under scrutiny, especially considering that this incident marked the firm's second breach in 12 months.
Fidelity has emphasized its commitment to safeguarding customer information and has resources in place to assist customers with any questions or concerns regarding the attack.
AI Investment: Top Funds to Watch
You may want to see also
Customers offered 24 months of credit monitoring and identity theft protection
Fidelity Investments, a Boston-based multinational financial services company, has offered 24 months of credit monitoring and identity theft protection to customers affected by a data breach that exposed the personal information of 77,099 customers. This large-scale security incident, which occurred in August, involved an unknown attacker who stole data using two recently established customer accounts.
Fidelity's head of external corporate communications, Michael Aalto, stated that the breach did not involve access to customer accounts or funds. However, the exposed personal information included sensitive data such as Social Security numbers and driver's licenses. In response, Fidelity provided those affected with two years of free TransUnion credit monitoring and identity restoration services. This proactive step by Fidelity aims to mitigate potential harm and empower customers to protect themselves from fraudulent activity and identity theft.
To activate the credit monitoring and identity theft protection services, customers can use the code provided in their letter sent via USPS mail. These services, offered in partnership with TransUnion Interactive, are designed to proactively notify customers of data breaches and alert them if their personal data appears on the dark web. Additionally, customers are advised to regularly review their statements, monitor their credit reports, and promptly report any suspicious activity to the relevant authorities.
While the breach only affected a small percentage of Fidelity's overall customer base, it highlights the ongoing challenges faced by organisations in safeguarding sensitive data from increasingly sophisticated cyber threats. This incident serves as a reminder for individuals to remain vigilant and proactive in protecting their personal information and quickly addressing any potential security breaches.
Equity-Free Investment Strategies: Diversifying Your Portfolio
You may want to see also
The breach occurred in August 2024
Fidelity Investments informed various state attorney generals that the attacker had created two customer accounts, which they used to obtain images of documents pertaining to Fidelity customers from an internal database. The company confirmed that financial data was not exposed and that Fidelity customer accounts were not hacked.
The breach exposed names, Social Security numbers, financial account data, and driver's license information. Fidelity offered impacted individuals 24 months of free credit monitoring and identity restoration services.
Mutual Funds Backing AMD: Who's Investing in the Tech Giant?
You may want to see also
The breach was carried out by an unknown attacker
Fidelity Investments, a multinational financial services company based in Boston, disclosed that an unknown attacker exposed the personal information of 77,099 customers. The breach occurred between 17 and 19 August, and the company detected the activity on 19 August. In a filing with the Office of Maine's Attorney General, Fidelity stated that the attacker used "two customer accounts that they had recently established" to steal data. The company did not reveal how the creation of these two accounts allowed access to the data of thousands of customers.
Michael Aalto, Fidelity's head of external corporate communications, told BleepingComputer that they could not share information on how the attacker accessed the data of thousands of customers using the two accounts. He added that "they did not view accounts. They viewed customer information".
Fidelity's notification letter to customers stated that they "immediately took steps to terminate access" after detecting the breach. The company also launched an investigation with the help of external security experts. While no Fidelity accounts or funds were compromised, the breach exposed customers' names and other personal identifiers.
Fidelity offered those affected two years of free TransUnion credit monitoring and identity restoration services. The company advised customers to remain vigilant for fraudulent activity or identity theft by regularly reviewing statements and monitoring credit reports. Additionally, customers were encouraged to report any suspicious activity to their financial institution, local law enforcement, or the appropriate state authority.
This incident marks the second breach for Fidelity Investments in 12 months and underscores the ongoing challenges faced by organisations in protecting sensitive customer data from unknown attackers.
Best Accounts to Invest in Mutual Funds
You may want to see also
Frequently asked questions
Yes, in August 2024, Fidelity Investments suffered a data breach that exposed the personal information of 77,099 customers. An unknown attacker stole data using two recently established customer accounts.
The personal information exposed in the breach included names, Social Security numbers, and driver's licenses.
After detecting the breach on August 19, Fidelity immediately terminated the attacker's access and launched an investigation with the help of external security experts. The company also offered those affected two years of free credit monitoring and identity restoration services.
