Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

77,000 customers exposed in Fidelity Investments data breach

One of the world’s largest asset management firms has revealed that the data of over 77,000 of its customers was exposed in an August data breach.

user icon Daniel Croft
Fri, 11 Oct 2024
77,000 customers exposed in Fidelity Investments data breach
expand image

Fidelity Investments, one of the top five asset management companies in the world, revealed in a breach notification to customers that a third party, using two customer accounts it created, gained unauthorised access to some data stored on its network.

“Between August 17th and August 19th, a third party accessed and obtained certain information without authorisation using two customer accounts that they had recently established,” Fidelity told customers.

“We detected this activity on August 19 and immediately took steps to terminate the access.”

============
============

Fidelity added that no customer accounts were accessed in the breach.

In a filing with the Maine attorney-general, the company confirmed that a total of 77,099 people were affected in the breach, with names or other personal identifiers accessed.

In a second data breach filing with the New Hampshire attorney-general, Fidelity said that the access “was limited to [a] single internal database” and that following a review of the data accessed, it determined that the threat actor exfiltrated the data of “a small subset of Fidelity’s customers”.

In a third data breach filing with the Massachusetts attorney-general, Fidelity said that stolen data included social security numbers and financial account access.

In its notice to customers, Fidelity said it is yet to identify any instances in which data accessed by threat actors has been used maliciously.

“Although we are not aware of any misuse of your personal information obtained because of this incident, we have arranged for you to enrol, at your option, in a credit monitoring and identity restoration service for 24 months at no cost to you,” the company said.

Fidelity Investments is a major asset management firm, having managed $4.9 trillion in assets last year and reporting a revenue of over $28 billion. The company says it has over 51 million individual investors as customers and manages $14.1 trillion in assets as of June this year. The company controls almost as much as JPMorgan Chase and Morgan Stanley combined, according to CyberNews.

This is the second this year the Fidelity Investments brand has suffered a cyber incident, as threat actors previously gained access to data belonging to its life insurance division.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.