Fidelity Investments has informed over 77,000 customers that their personal information was compromised during a recent data security incident involving unauthorized access by a third party. The breach occurred between August 17 and August 19, when attackers gained access to two customer accounts before the intrusion was detected and access was terminated.
According to Fidelity's notification letter, no Fidelity accounts were accessed, and the compromised information pertains to a small subset of customers. Sarah Jones, a cyber threat intelligence research analyst at Critical Start, highlighted that the attackers likely aimed to gather information, suggesting they may have established a foothold for potential further attacks. While Fidelity claims there has been no misuse of the compromised data, concerns about identity theft and fraud remain heightened.
This breach marks Fidelity's second significant data incident this year, following a March breach that affected around 30,000 individuals due to a third-party service provider, Infosys McCamish (IMS).
To assist those affected, Fidelity is offering 24 months of free credit monitoring and identity restoration services through TransUnion Interactive. The company also urges customers to remain vigilant, regularly review their financial statements, and report any suspicious activity.