Fidelity Investments has announced that the personal information of just over 77,000 individuals was compromised during a data security incident. The breach occurred between August 17 and August 19, when an unauthorized third party accessed two customer accounts and extracted private information. Fidelity detected the suspicious activity on August 19, promptly terminated access, and launched an investigation.
Fidelity’s notification letter emphasized that the breach did not involve direct access to Fidelity accounts, and the information obtained pertained only to a small subset of its customers. While the specific motives of the attackers remain unclear, Sarah Jones, a cyber threat intelligence research analyst at Critical Start, suggested that the breach might be part of a “beachhead” strategy—where attackers gather information to use as a foothold for launching further attacks.
Despite Fidelity’s assurance that no misuse of the customers’ data has been detected, this incident is the company’s second data breach this year. In March, Fidelity notified approximately 30,000 individuals about another data breach that involved its service provider, Infosys McCamish (IMS).
To help affected individuals, Fidelity is offering 24 months of free credit monitoring and identity restoration services through TransUnion Interactive. The company also urges its customers to stay vigilant, frequently review their financial statements, and report any suspicious or fraudulent activity.