Fidelity Investments, one of the world’s largest financial services firms, has revealed a significant data breach affecting over 77,000 customers. Between August 17 and August 19, 2024, unauthorized third-party actors exploited two newly created customer accounts to access personal information, including Social Security numbers and driver’s licenses.

The breach was detected on August 19, at which point Fidelity terminated access and launched an internal investigation to assess the scope of the attack.

While Fidelity reassured customers that no accounts or funds were compromised, the exposed data still raises serious concerns about the vulnerability of personal information. Documents accessed during the breach were housed in an internal database and contained sensitive details that could be used for identity theft or fraud.

This marks the second time in 2024 that Fidelity has experienced a data breach, with a previous incident in March involving over 30,000 individuals due to a third-party breach.

Why It Matters: The data breach at Fidelity exposed sensitive personal data of over 77,000 customers, highlighting the vulnerability of financial institutions to cyberattacks. While customer accounts or funds weren’t directly accessed, the exposure of Social Security numbers and driver’s licenses puts individuals at risk of identity theft. As this is Fidelity’s second breach in 2024, questions have arisen about its security protocols and ability to protect customer information. As a major asset manager, Fidelity now faces heightened scrutiny and must work to restore trust and confidence among its users.

• Scope of the Breach: Over 77,000 customers had their personal information compromised, including Social Security numbers and driver’s licenses, after two fraudulent customer accounts were used to access an internal database. No access to Fidelity accounts or funds was detected.

• Fidelity’s Response: Upon detecting the breach on August 19, Fidelity swiftly terminated unauthorized access and launched an investigation. They have notified affected customers and are offering 24 months of free credit monitoring and identity restoration services through TransUnion Interactive.

• Potential Risks: Despite Fidelity’s assurances, the compromised data could lead to identity theft, fraud, or other malicious activities. Personal information like Social Security numbers is highly valuable to cybercriminals and can be exploited in a variety of ways.

• Call for Vigilance: Fidelity is urging affected individuals to closely monitor their financial statements for any suspicious activity and promptly report potential fraud. The firm has taken steps to prevent future breaches, but the frequency of such incidents highlights the growing threat to financial institutions.

Go Deeper -> Fidelity says Data Breach Exposed Personal Data of 77,000 Customers – Tech Crunch

Fidelity Notifies 77K Customers of Data Breach – Dark Reading