Fidelity Hacked: Fidelity confirms data breach exposed personal data of 77,000 customers
Just two days after a massive cyberattack on America’s largest water utility, Fidelity Investments, one of the world’s top asset managers, disclosed that hackers had compromised the personal data of thousands of its customers. The firm confirmed that the breach, which occurred in August, exposed the personal information of 77,000 customers.
In a filing with Maine’s attorney general, the Boston-based investment firm revealed that an unnamed third party gained access to its systems between August 17 and August 19 by exploiting two recently established customer accounts.
Fidelity quickly detected the suspicious activity on August 19 and immediately terminated the unauthorized access. In a letter to affected customers, the company clarified that no Fidelity accounts were directly breached. “We detected this activity on August 19 and immediately took steps to terminate the access,” Fidelity said.
12 Other US Financial Institutions Attacked by Hackers
This latest hack is not limited to Fidelity. Sources told CNBC that this hack could be connected to a larger cyberattack on JPMorgan Chase, where customer information was also stolen. Fidelity was reportedly one of 13 financial institutions targeted by the same group of hackers believed to be responsible for the JPMorgan breach.
“Fidelity Investments, one of the largest US mutual fund companies, was one of 13 financial institutions attacked by hackers, who are believed to be the same group that stole customer information from JPMorgan Chase, according to two people familiar with the matter,” CNBC reported.
The scale and sophistication of these attacks have raised concerns among U.S. officials. While no customer data was reportedly stolen from Fidelity accounts, the firm is home to thousands of American retirees’ accounts, which adds to the urgency of the investigation.
JPMorgan, the largest U.S. bank by assets, had confirmed the week prior that the personal information of 76 million households—including names, addresses, phone numbers, and email addresses—had been compromised, marking one of the largest data breaches in history.
The U.S. Secret Service and FBI are leading a broader investigation into the cyberattacks, which are believed to involve over a dozen financial institutions. However, not all targeted institutions had their systems breached, and JPMorgan remains the only company so far to confirm the theft of customer information.
Fidelity reassured its customers that its accounts and systems remain secure. A spokesperson stated, “We have no indication that any Fidelity customer sites, accounts, or systems were impacted by this breach.”
The firm emphasized its commitment to security, explaining that it employs multiple layers of safeguards to protect its systems and customer data. “We closely monitor the online environment and take security very seriously. For security reasons, some of our protections are visible, while others are not,” the spokesperson added.
Fidelity confirmed that a total of 77,099 customers were affected by the breach but has not disclosed exactly what personal data was compromised. It remains unclear how the creation of just two customer accounts allowed access to the personal information of thousands of others.
At the time of writing, Fidelity has not shared further details about the breach on its website, and the specific nature of the compromised data remains unknown. When reached for comment, Fidelity spokesperson Michael Aalto reiterated that the breach did not involve access to customer accounts or funds but declined to provide further details.
In response to the growing wave of cyberattacks from criminal organizations and foreign entities, financial services firms are ramping up their recruitment of IT security professionals. As of June 2024, Fidelity serves over 51 million individual investors and manages approximately $14.1 trillion in total customer assets.