Fidelity Investments has confirmed that it suffered a major data breach to US authorities. In its filing with the Office of the Maine Attorney General, the US-based asset manager said the incident, which occurred in August, exposed the personal information of more than 77,000 customers. Fidelity Investments added that it had commissioned external security experts to investigate the cause of the data breach.
The firm also confirmed in a letter to its customers that it had made provision for a credit monitoring and identity restoration service, accessible to any of them for a period of 24 months. “This service allows you to monitor your credit reports and to detect any unusual activity that may affect your personal financial situation,” wrote Fidelity Investments.
Fidelity Investments suffers significant data breach
The US-based asset manager employs over 75,000 associates worldwide and oversees $14.1 trillion in assets under administration and $5.5 trillion under management. The Boston-headquartered firm caters to its customers through 216 investor centres in the US as well as 14 regional sites worldwide, including India and Ireland.
According to the disclosure, the breach took place between 17 and 19 August, when attackers used two newly established customer accounts to steal sensitive information. The company said that the suspicious activity was detected on 19 August, prompting the company to immediately terminate the unauthorised access and begin a thorough investigation.
The financial services firm noted that the breach impacted only a small subset of its customers and did not involve unauthorised access to their Fidelity accounts. While the personal information of 77,099 individuals was exposed, the firm has not yet disclosed specific details regarding the nature of the data stolen, other than names and personal identifiers.
Fidelity Investments has not explained how attackers were able to access the data of tens of thousands of customers using just two accounts, reported BleepingComputer. The publication also reported that Michael Aalto, Fidelity Investments’ external corporate communications head declined to provide further details, stating that the attackers had viewed customer information but not account details.
Earlier this week, another financial services company MoneyGram also disclosed that a cyberattack in September compromised personal and transaction data belonging to its customers. The fintech suspended customer transactions and account access as part of the temporary shutdown of its IT systems after identifying the breach on 27 September.