Data leak

Fidelity Investments Data Breach

📅 2024-08-17

Incident Details

Between 17 and 19 August 2024, unauthorized third parties exploited two newly created Fidelity customer accounts to access the personal data of 77,099 customers, including Social Security numbers and driver's license numbers. Customer account balances and investments were not accessed. Fidelity offered 24 months of free credit monitoring. This was Fidelity's second breach in 2024; approximately 30,000 Fidelity life insurance customers were also exposed earlier via the Infosys McCamish Systems LockBit breach.

Technical Details

Initial Attack Vector
Attackers created two new fraudulent customer accounts and used them to access other customers' personal information via an internal document management system. There was no MFA gap in the account creation process.

Timeline

  1. 2024-08-17 Breach occurred
  2. 2024-10-09 Publicly disclosed
  3. 2024-10-09 Customers notified