Crooks stole personal info of 77k Fidelity Investments customers

Fidelity Investments has notified 77,099 people that their personal information was stolen in an August data breach. 

The mega asset manager has not disclosed what data the digital crooks nabbed, but assured customers that the security snafu "did not involve any access to your Fidelity account(s)."

In a letter sent to affected individuals, Fidelity said the break-in happened between August 17 and August 19 when "a third party accessed and obtained certain information without authorization using two customer accounts that they had recently established." [PDF]

The financial firm did not answer The Register's specific questions, including how the attack happened and what personal details were stolen.

In a statement emailed to The Register, a Fidelity spokesperson repeated the breach disclosure statement, and told us: "We are notifying individuals as appropriate and providing them credit monitoring resources. We recognize our customers may have questions about this event and we have resources in place to assist them. Fidelity takes its responsibility to serve customers and safeguard information seriously."

Fidelity noted that it spotted the intruders on August 19, and took "immediate" actions to kick them out of its IT systems. It also hired an external security firm to investigate the breach. Fidelity claims the information obtained by the data thieves only "related to a small subset of our customers."

For context: the asset manager says it has more than 51.5 million individuals as customers, and manages employee benefit programs for about 28,000 businesses across 11 countries. As of June, Fidelity had about $5.5 trillion in customer assets under management, and around $14.1 trillion in assets under administration.

• Fidelity customers' financial info feared stolen in suspected ransomware attack
• Marriott settles for a piddly $52M after series of breaches affecting millions
• Fore-get about privacy, golf tech biz leaves 32M data records on the fairway
• Dutch cops reveal takedown of 'world's largest dark web market'

The brokerage says it is "not aware of any misuse" of customers' personal information because of the security breach. However, it has offered anyone affected two years of free credit monitoring.

In March, Fidelity Investments Life Insurance notified nearly 30,000 customers that criminals accessed their personal and financial information after breaking into Infosys' IT systems in the fall. During that third-party breach, the crooks made off with Fidelity customers' bank account and routing numbers, credit card numbers and security or access codes. ®