77,000 Fidelity customer data stolen in August breach • The Register

Fidelity Investments has notified 77,099 people that their personal information was stolen in a data breach in August.

The mega-asset manager did not disclose what data the digital fraudsters stole, but assured customers that the security breach “did not involve access to your Fidelity account(s).”

In a letter to those affected, Fidelity said the breach occurred between August 17 and 19 when “a third party unauthorizedly accessed and obtained certain information using two recently established customer accounts.” [PDF]

The financial company did not respond The Register‘s specific questions, including how the attack occurred and what personal information was stolen.

In a statement emailed to The RegisterA Fidelity spokesperson reiterated the breach disclosure statement, telling us: “We notify individuals when necessary and provide them with credit monitoring resources. We recognize that our customers may have questions about this incident and we have resources to help them. Fidelity takes “It is its responsibility to serve customers and protect information.”

Fidelity said it discovered the intruders on August 19 and took “immediate” action to ban them from its IT systems. The company also hired an outside security firm to investigate the breach. Fidelity claims that the information obtained from the data thieves only “pertains to a small subset of our customers.”

For context: The asset manager claims to have more than 51.5 million private customers and manages employee benefit programs for around 28,000 companies in 11 countries. As of June, Fidelity had about $5.5 trillion in client assets under management and about $14.1 trillion in assets under management.

The brokerage firm says it is “not aware of any misuse” of customers’ personal information due to the security breach. However, it offers everyone affected two years of free credit monitoring.

In March, Fidelity Investments life insurance company notified nearly 30,000 customers that criminals had accessed their personal and financial information after breaking into Infosys’ IT systems in the fall. In this third-party breach, the fraudsters stole Fidelity customers’ bank accounts and routing numbers, credit card numbers, and security or access codes. ®