The Boston, Massachusetts-based investment company said in a filing with Maine's attorney general on Oct. 9 that an unidentified third party accessed information from its systems in a hack between Aug. 17 and 19 "using two customer accounts that they had recently established."
"We detected this activity on Aug. 19 and immediately took steps to terminate the access," Fidelity stated in a letter sent to those affected, adding that the incident did not include any access to customers' Fidelity accounts.
Fidelity verified that a total of 77,099 customers were impacted by the breach, and its review of the compromised data concluded that customers' personal information was affected. (Related: AT&T’s MASSIVE data breach affects 73 MILLION previous and current customers.)
When contacted by TechCrunch, Fidelity did not explain how the creation of two Fidelity customer accounts permitted access to the data of thousands of other customers.
In a separate data breach notice filed with New Hampshire's attorney general, Fidelity disclosed that the third party "accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers."
Fidelity stated the data breach involved customers' Social Security numbers and driver's licenses, as reported by another data breach notice filed by Fidelity with the Massachusetts' attorney general.
No information about the breach was discovered on Fidelity's website at the time of reporting.
Fidelity spokesperson Michael Aalto said in an interview with TechCrunch that the incident did not involve access to Fidelity customers' accounts "or funds." Nonetheless, Fidelity refused to answer specific questions about the incident.
As stated by Fidelity, the company has more than 51 million individual investors as customers, counting some $14.1 trillion in total customer assets as of June 2024.
Fidelity is offering 24 months of credit monitoring and identity theft protection services to all of its individual investors, especially to affected customers. Fidelity has sent letters to affected customers through the United States Postal Service with a code that the customers must use to avail of the offer.
Identity theft protection can help notify people of data breaches in advance and alert them if their personal data has been discovered on the dark web.
Apart from taking advantage of the free service, customers are being advised to change their passwords and monitor their Fidelity accounts for any suspicious activity. If a person has a Fidelity account and isn't sure if it is affected, changing password is always a good idea.
Contingent upon what sensitive data was accessed, customers should also monitor their credit reports with TransUnion, Equifax and Experian. They could also put fraud alerts on their credit or freeze their credit with each of the three credit bureaus so that no one can open recent credit accounts like car loans or credit cards in their name.
Follow Glitch.news for more news about data breaches.
Watch the video below to know more about the massive Social Security numbers data breach that happened on Aug. 17, 2024.
This video is from the AllTheWorldsAStage channel on Brighteon.com.
Massive DATA BREACH exposes personal data of 700 million users of Microsoft-owned LinkedIn.
Xfinity notifies customers of data breach due to "software vulnerability."
Data breach in Indonesian COVID-19 tracking app exposes data of over 1 million people.
Sources include: