For more stories like this, sign up for the PLANADVISERdash daily newsletter.
Compliance October 10, 2024
Fidelity Data Breach Exposed Info of 77,000 Clients
The August hack did not provide direct access to users’ accounting, according to a security breach filing.
Reported by Alex Ortolani
A data breach exposed the personal information of about 77,000 Fidelity clients this summer, the firm reported Wednesday.
From August 17 through August 19, a third party accessed and obtained client information without authorization from the company, Fidelity reported to the Office of the Maine Attorney General. The incident did not provide any access directly to those clients’ Fidelity accounts.
In a letter to those clients, the firm explained that the hackers leveraged “two customer accounts that they had recently established” to gain access to information for a “small subset of our customers.”
“An investigation was promptly launched with assistance from external security experts,” Fidelity wrote in the letter to clients posted on the Maine attorney general’s website.
In that letter, Fidelity offered affected clients two years of credit monitoring and identity restoration service through Transunion LLC.
“We detected this activity on August 19 and immediately took steps to terminate the access,” Fidelity wrote via email. “We recognize our customers may have questions about this event and we have resources in place to assist them. Fidelity takes its responsibility to serve customers and safeguard information seriously.”
The exposure of client data adds to a growing list of incidents affecting asset managers and recordkeepers. Earlier this month, TIAA and TIAA Life reported being swept up in a 2023 hack of third-party vendor Infosys McCamish Systems LLC. In April, JPMorgan Chase & Co. reported an accidental leak by employees that exposed the data of 451,000 plan participants. In February, Fidelity discovered a breach of client data at its Fidelity Investments Life Insurance and Empire Fidelity Investments Life Insurance division from October 2023, according to a filing with the Maine attorney general; that incident was also related to the Infosys McCamish hack.
The Fidelity breach exposed the data of 337 Maine residents, prompting Fidelity to file with the state’s data breach notification requirements.
Correction: This article removes an inaccurate reference to the type of clients effected and adds a Fidelity statement.