Share this article on:
One of the world’s largest asset management firms has revealed that the data of over 77,000 of its customers was exposed in an August data breach.
Fidelity Investments, one of the top five asset management companies in the world, revealed in a breach notification to customers that a third party, using two customer accounts it created, gained unauthorised access to some data stored on its network.
“Between August 17th and August 19th, a third party accessed and obtained certain information without authorisation using two customer accounts that they had recently established,” Fidelity told customers.
“We detected this activity on August 19 and immediately took steps to terminate the access.”
Fidelity added that no customer accounts were accessed in the breach.
In a filing with the Maine attorney-general, the company confirmed that a total of 77,099 people were affected in the breach, with names or other personal identifiers accessed.
In a second data breach filing with the New Hampshire attorney-general, Fidelity said that the access “was limited to [a] single internal database” and that following a review of the data accessed, it determined that the threat actor exfiltrated the data of “a small subset of Fidelity’s customers”.
In a third data breach filing with the Massachusetts attorney-general, Fidelity said that stolen data included social security numbers and financial account access.
In its notice to customers, Fidelity said it is yet to identify any instances in which data accessed by threat actors has been used maliciously.
“Although we are not aware of any misuse of your personal information obtained because of this incident, we have arranged for you to enrol, at your option, in a credit monitoring and identity restoration service for 24 months at no cost to you,” the company said.
Fidelity Investments is a major asset management firm, having managed $4.9 trillion in assets last year and reporting a revenue of over $28 billion. The company says it has over 51 million individual investors as customers and manages $14.1 trillion in assets as of June this year. The company controls almost as much as JPMorgan Chase and Morgan Stanley combined, according to CyberNews.
This is the second this year the Fidelity Investments brand has suffered a cyber incident, as threat actors previously gained access to data belonging to its life insurance division.