Asset management giant Fidelity Investments has confirmed a data breach in which scammers stole sensitive information about tens of thousands of people.
The company announced the news via a notification of infringement filed with the Maine Attorney General’s Office, noting that between August 17 and 19, 2024, threat actors used two “recently created” customer accounts to gain access to company infrastructure.
“We discovered this activity on August 19 and immediately took steps to terminate access,” the company said in the letter. “An investigation was immediately launched with the assistance of external security experts,” it added. The investigation found that the scammers obtained information “related to a small subset” of Fidelity customers and failed to gain access to anyone’s accounts.
Identity theft monitoring
This “small subset” includes exactly 77,099 customers, including 337 Maine residents. The letter doesn’t provide details on the type of information stolen, but TechCrunch found a separate filing with the Massachusetts attorney general that said the hackers obtained people’s Social Security numbers and driver’s licenses — more than enough information to engage in phishing and identity theft. , or possibly even wire fraud.
To access the data, the scammers allegedly created two customer accounts and used them to submit fraudulent requests to an internal database containing images of Fidelity customer documents.
So far, there’s no evidence that the data is being misused in the wild, but Fidelity isn’t taking any chances. All affected individuals will be offered free credit monitoring and identity restoration services for 24 months.
Fidelity Investments is a major financial services company offering investment management, retirement planning, brokerage and asset management services. The company manages more than $4 trillion in assets for more than 40 million individual investors, institutions and financial advisors.
Fidelity provides access to mutual funds, ETFs and a wide range of investment products.
Via TechCrunch