In August, Fidelity experienced a hack that led to the theft of data from more than 77,000 customers.
The office of the Attorney General of Maine announced the incident in a notice published on its official website.
The hack against Fidelity
The note reveals that the hack occurred on August 17 and was discovered only two days later.
In total, 77,099 clients were affected, which is only a small percentage of Fidelity's more than 50 million clients.
The type of stolen data has not been disclosed, but the company, after concluding its investigation, stated that no accounts or funds were compromised.
This is therefore only a theft of personal data, not of funds. Furthermore, it does not seem that the accounts were breached, so the passwords, for example, should be safe.
The notice from the Maine Attorney General also contains a link to a PDF with the text of the notice Fidelity sent to its clients.
Fidelity warns customers of the hack
The Fidelity Investments Privacy Office has indeed informed its clients of the incident.
With the notice mentioned above, they were informed that a security incident had occurred involving some of their personal information.
The notice confirmed that between August 17 and 19, a third party had accessed certain information without authorization, using two customer accounts that it had recently created.
The information obtained in this way concerned only a small subset of their clients, and the incident did not involve any access to customer accounts on the Fidelity platform.
Each individual notice sent to the clients involved in the hack reported which types of their information had been stolen.
The company has made available to the involved customers a credit monitoring and identity restoration service for 24 months, to be able to monitor credit reports and detect any unusual activity that could affect the personal financial situation of the customers. This service is provided by TransUnion Interactive.
Additionally, it advises clients to regularly review statements and promptly report any suspicious activity to their financial institution and/or law enforcement.
All this greatly downplays the seriousness of the incident, even if it is a symptom that the company’s security systems need more controls.
The security measures
In cases like this, clients are advised, at a minimum, to change their account password immediately, even if the account has not been breached.
When it comes to financial accounts on which users hold funds, it is always better to err on the side of too much caution rather than too little.
Although changing passwords may well be an excess of caution, it is a measure that has no additional cost, and it can be particularly effective if the stolen data can somehow be used to trace back to the password.
Furthermore, it is recommended to use a password that is difficult to guess and unique for each account, and to change it regularly.
Other security measures that clients can take themselves are a bit more difficult to implement because, for example, protecting their own devices from hackers requires a minimum of IT skills.
When possible, it is recommended to enable two-factor authentication, which adds to the password a second code that changes continuously.
In cases like this one, where personal data is stolen, it is also advisable to use monitoring services like the one Fidelity is providing for free for 24 months. The stolen data can later be used by hackers, for example, to register new accounts under false names, and although KYC regulations require financial intermediaries to verify the identity of their clients, here too an excess of caution is better than too little.
Fidelity Investments
Fidelity Investments is a multinational American financial services corporation founded in Boston in 1946.
Over time, it has become one of the largest asset managers in the world, and for some years now it has also forcefully entered the crypto markets with its subsidiary Fidelity Digital Assets.
In particular, its spot Bitcoin ETF is the second in the world both for AUM and for traded volumes, behind only that of another giant in asset management, BlackRock.
With its 51 million clients and a revenue of 28 billion dollars, Fidelity is one of the largest financial giants in the world, which is why it is very surprising that its systems have been hacked.
However, thefts of personal and sensitive data, but without theft of funds, happen continuously, and other large companies have also been afflicted by them.
In the case of Fidelity, with more than 74,000 employees, it remains possible that something could have gone wrong somewhere, and indeed the stolen data affected only a tiny percentage of their clients.
Source: https://en.cryptonomist.ch/2024/10/11/hack-a-fidelity-data-of-77000-clienti-stolen/