Pierluigi Paganini
October 14, 2024
U.S.-based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack.
The data breach occurred on August 17, 2024 and was discovered two days later, on August 19, 2024.
“Between August 17 and August 19, a third party accessed and obtained certain information without authorization using two customer accounts that they had recently established. We detected this activity on August 19 and immediately took steps to terminate the access. An investigation was promptly launched with assistance from external security experts.” reads the data breach notification letter shared by the company with the Maine Attorney General “The information obtained by the third party related to a small subset of our customers. Please note that this incident did not involve any access to your Fidelity account(s).”
Compromised information includes names, Social Security numbers, financial account data, and drivers license information. The company confirmed that financial data was not exposed and Fidelity customer accounts were not hacked.
Fidelity Investments has informed attorney generals in various states that the attacker had created two customer accounts, which they used to obtain images of documents pertaining to Fidelity customers from an internal database.
The company offers impacted individuals 24 months of free credit monitoring and identity restoration services.
In March, Fidelity notified roughly 28,000 individuals that their personal information was compromised due to a data breach suffered by third-party provider Infosys McCamish System (IMS).
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
