The Recent Breach
More than 77,000 Fidelity Investments customers will soon be notified that their personal information has been compromised due to a data security incident. The breach took place between August 17 and August 19, with an unauthorized third-party gaining access to two customer accounts and obtaining private information. The activity was detected on August 19, leading to immediate termination of access and the initiation of an investigation.
Details of the Incident
According to Fidelity’s notification, the incident did not involve any direct access to Fidelity accounts. The information obtained by the threat actors related to a small subset of their customers. Sarah Jones, a cyber threat intelligence research analyst at Critical Start, suggests that while the attackers’ specific motives remain unclear, it’s probable that information gathering was a primary objective. She also mentioned the ‘beachhead’ theory, a common tactic where attackers establish a foothold to launch further attacks.
Implications and Concerns
Although Fidelity reassures customers that their accounts and funds were not directly accessed, the breach raises concerns about the security of personal information. This increases the risk of identity theft, fraud, or other malicious activities. Fidelity has stated that it is unaware of any misuse of its customers’ personal information obtained in this breach.
A Recurring Issue
This is not the first time Fidelity has faced a data breach this year. In March, Fidelity notified approximately 30,000 individuals that their information had been compromised in a third-party breach involving service provider Infosys McCamish (IMS).
Support for Affected Customers
Fidelity is offering free credit monitoring and identity restoration services for those impacted by this breach through TransUnion Interactive for 24 months. The company also encourages individuals to stay alert and review their financial statements frequently, reporting any suspicious or fraudulent activity.
