Fidelity Data Breach

Topic Author
vtftw100
Posts: 61
Joined: Mon Jan 29, 2024 12:16 pm

Fidelity Data Breach

Post by vtftw100 »

[Moved into a new thread from: [Split from "Fidelity as a one stop shop" thread - locked or restricted Fidelity account issues] --admin LadyGeek]

In an ever escalating series of events, looks like Fidelity suffered a data breach in mid-August using "recently established accounts" -- https://techcrunch.com/2024/10/10/fidel ... customers/
roamingzebra
Posts: 1583
Joined: Thu Apr 22, 2021 3:29 pm

Re: Fidelity Data Breach

Post by roamingzebra »

vtftw100 wrote: Thu Oct 10, 2024 7:23 am In an ever escalating series of events, looks like Fidelity suffered a data breach in mid-August using "recently established accounts" -- https://techcrunch.com/2024/10/10/fidel ... customers/
I remember the first big data breach...it was Target. One school of thought was that because they had a breach (and likely buttoned up their systems), it would likely have better security going forward compared to say, Walmart.

I wonder if that panned out...

IOW, will Fidelity going forward possibly be more secure than Vanguard or Schwab?

Guess we'll have to see.
stilllurking
Posts: 683
Joined: Mon Jun 16, 2014 10:44 am

Fidelity Data Breach

Post by stilllurking »

[Posts merged into here --admin LadyGeek]

https://techcrunch.com/2024/10/10/fidel ... customers/

They haven't disclosed details of lost information but be aware of your credit reports and make sure they are frozen.
TheTimeLord
Posts: 12487
Joined: Fri Jul 26, 2013 2:05 pm

Re: Fidelity Data Breach

Post by TheTimeLord »

stilllurking wrote: Thu Oct 10, 2024 10:26 am https://techcrunch.com/2024/10/10/fidel ... customers/

They haven't disclosed details of lost information but be aware of your credit reports and make sure they are frozen.
I would highlight this portion of the article.
“We detected this activity on August 19 and immediately took steps to terminate the access,” Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers’ Fidelity accounts.
IMHO, Investing should be about living the life you want, not avoiding the life you fear. | Run, You Clever Boy! [9085]
bogles the mind
Posts: 365
Joined: Fri May 03, 2024 8:05 am

Re: Fidelity Data Breach

Post by bogles the mind »

With the apparent ease with which everyone is being hacked, how long before our accounts start being drained with impunity?
Topic Author
vtftw100
Posts: 61
Joined: Mon Jan 29, 2024 12:16 pm

Re: [Split from "Fidelity as a one stop shop" thread - locked or restricted Fidelity account issues]

Post by vtftw100 »

roamingzebra wrote: I remember the first big data breach...it was Target. One school of thought was that because they had a breach (and likely buttoned up their systems), it would likely have better security going forward compared to say, Walmart.

I wonder if that panned out...

IOW, will Fidelity going forward possibly be more secure than Vanguard or Schwab?

Guess we'll have to see.
Nothing is going to fundamentally change until executives and other decision makers at these companies start getting held *personally* liable (i.e. penalties having a personal liability on them or they start going to prison). It may sound extreme but imagine if things were the other way around, someone's stupid mistake/callousness led to catastrophic bank losses, they'll likely be prosecuted. It's only the corporations that get away with such behavior.

Letting Equifax off the hook (with a fine) was the OG mistake. Since then we've had major breaches all over the place, some more significant than others (e.g. T-Mobile).
stan1
Posts: 15559
Joined: Mon Oct 08, 2007 4:35 pm

Re: Fidelity Data Breach

Post by stan1 »

It is not immediately clear how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
Yikes. I wonder if this is related to the other issues (check kiting, Net Benefits authentication). They are clearly under attack by aggressors who know their vulnerabilities. If this is a third one then it's almost like someone who had their list of cybersecurity vulnerabilities handed them over to bad guys (or is the bad guy).
bogles the mind
Posts: 365
Joined: Fri May 03, 2024 8:05 am

Re: Fidelity Data Breach

Post by bogles the mind »

AI will be making it worse soon.
stan1
Posts: 15559
Joined: Mon Oct 08, 2007 4:35 pm

Re: Fidelity Data Breach

Post by stan1 »

bogles the mind wrote: Thu Oct 10, 2024 10:55 am AI will be making it worse soon.
Soon is today. The bad guys have been gathering data for decades and now have the ability to use it.
stan1
Posts: 15559
Joined: Mon Oct 08, 2007 4:35 pm

Re: Fidelity Data Breach

Post by stan1 »

The more I think about these events, I wonder if an internal risk and vulnerability assessment was exfiltrated and the bad guys are now working their way through them as a checklist. Three in a few months seems like more than a coincidence. Could be a disgruntled employee, breached by a consultant, or exfiltrated from a corporate network (three possibilities among many other things that could go wrong).
Randomuser7
Posts: 16
Joined: Tue Feb 13, 2024 10:19 am

Re: Fidelity Data Breach

Post by Randomuser7 »

Link to another site with the story. https://www.bleepingcomputer.com/news/s ... 00-people/
neowiser
Posts: 265
Joined: Sun Sep 27, 2020 4:32 pm

Re: Fidelity Data Breach

Post by neowiser »

[Post merged into here ---admin LadyGeek]

Looks like Fidelity fruit is ripe for the picking in more ways than discussed

https://techcrunch.com/2024/10/10/fidel ... customers/
Fidelity confirmed that a total of 77,099 customers were affected by the breach, and its completed review of the compromised data determined that customers’ personal information was affected. When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
In another data breach notice filed with New Hampshire’s attorney general, Fidelity revealed that the third party “accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers.”
Fidelity said the data breach included customers’ Social Security numbers and driver’s licenses, according to a separate data breach notice filed by Fidelity with the Massachusetts’ attorney general.
CardinalRule
Posts: 1301
Joined: Sun Jan 15, 2017 10:01 am
Location: United States

Re: Fidelity Data Breach

Post by CardinalRule »

neowiser wrote: Thu Oct 10, 2024 3:14 pm [Post merged into here ---admin LadyGeek]

https://techcrunch.com/2024/10/10/fidel ... customers/
When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
That’s the part that befuddles and interests me. I guess we will eventually learn how this scheme worked.
toddthebod
Posts: 7995
Joined: Wed May 18, 2022 12:42 pm

Re: Fidelity Data Breach

Post by toddthebod »

CardinalRule wrote: Thu Oct 10, 2024 6:08 pm
neowiser wrote: Thu Oct 10, 2024 3:14 pm [Post merged into here ---admin LadyGeek]

https://techcrunch.com/2024/10/10/fidel ... customers/

That’s the part that befuddles and interests me. I guess we will eventually learn how this scheme worked.
The account was registered to one Robert'); UPDATE UserTable SET Password = NULL.
SnowBog
Posts: 5346
Joined: Fri Dec 21, 2018 10:21 pm

Re: Fidelity Data Breach

Post by SnowBog »

toddthebod wrote: Thu Oct 10, 2024 6:15 pm
CardinalRule wrote: Thu Oct 10, 2024 6:08 pm

That’s the part that befuddles and interests me. I guess we will eventually learn how this scheme worked.
The account was registered to one Robert'); UPDATE UserTable SET Password = NULL.
Hey, how did you know my password??
AllMostThere
Posts: 1101
Joined: Sat Dec 31, 2016 1:04 pm

Re: Fidelity Data Breach

Post by AllMostThere »

bogles the mind wrote: Thu Oct 10, 2024 10:55 am AI will be making it worse soon.
Hmmm. On same note, I believe we can assume that AI will assist with identifying and closing security weaknesses. Data breaches are now a form of AI Whack-a-mole with many companies trying to minimize the thud felt by customers. :oops:
Stop thinking about what money can buy. Start thinking about what your money can earn. - Author JL Collins | Dream as if you’ll live forever. Live as if you’ll die today. - Author James Dean
kobbiemandd
Posts: 93
Joined: Fri Mar 18, 2011 6:54 pm

Re: Fidelity Data Breach

Post by kobbiemandd »

It seems like once a month either my wife or I get notification that our data has been compromised. It is usually related to a medical provider. Having worked in the IT security field, it is my opinion that these compromises are happening more often because there is little deterrent for them to prevent it. It takes resources, both in the form of infrastructure and qualified personnel to safeguard against this and that translates to money. Until hefty fines are levied for breaches, expect this to continue and probably worsen. I am not saying that Fidelity is one of those that are not doing diligence to safeguard customers and I highly doubt they are since data security is such a vital part of their business.
bogles the mind
Posts: 365
Joined: Fri May 03, 2024 8:05 am

Re: Fidelity Data Breach

Post by bogles the mind »

AllMostThere wrote: Fri Oct 11, 2024 5:17 am
bogles the mind wrote: Thu Oct 10, 2024 10:55 am AI will be making it worse soon.
Hmmm. On same note, I believe we can assume that AI will assist with identifying and closing security weaknesses. Data breaches are now a form of AI Whack-a-mole with many companies trying to minimize the thud felt by customers. :oops:
True
wwhan
Posts: 817
Joined: Sat Mar 03, 2007 11:08 pm
Location: CA

Re: Fidelity Data Breach

Post by wwhan »

This note is a bit odd; it would appear that the hackers accessed the database with a list of customers' profiles (or details), not the actual Fidelity accounts.

https://www.bleepingcomputer.com/news/s ... 00-people/

"When asked how the attacker could access the data of thousands of customers using two accounts they previously created, Michael Aalto, Fidelity's head of external corporate comms, told BleepingComputer they couldn't share that information and added that "they did not view accounts. They viewed customer information"."
"Everything in Moderation, including Moderation"
wwhan
Posts: 817
Joined: Sat Mar 03, 2007 11:08 pm
Location: CA

Re: Fidelity Data Breach

Post by wwhan »

It is pretty insane when there are 1,799,639 breaches affecting residents in just the state of Maine in 2024: https://www.mass.gov/doc/data-breach-re ... 9521f97343

"The total number of breaches affecting Maine residents: 1,799,639"
=====

The Data Security Breaches in California appear to be much larger: https://oag.ca.gov/privacy/databreach/list

Searching on Fidelity breaches in California....

Organization Name | Date(s) of Breach | Reported Date
Fidelity Investments | 08/17/2024 | 10/09/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company | 10/29/2023 | 07/19/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company | 10/29/2023 | 03/18/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company | 10/29/2023, 11/02/2023 | 03/01/2024
Fidelity National Information Services, Inc. | 05/27/2023 | 11/09/2023
Fidelity National Information Services, Inc. | 05/27/2023, 05/31/2023 | 10/04/2023
Fidelity National Information Services, Inc. | 05/27/2023, 05/31/2023 | 09/19/2023
Fidelity National Information Services, Inc. | 05/27/2023 | 08/11/2023
Fidelity Life Association | 05/29/2023, 05/30/2023 | 07/25/2023
Fidelity National Financial, Inc. | 04/14/2014, 04/16/2014 | 10/24/2014
Fidelity National Financial, Inc. | 07/01/2013, 11/01/2013 | 06/13/2014
Fidelity Investments (on behalf of Oracle Corporation) | 07/10/2013 | 07/31/2013
"Everything in Moderation, including Moderation"
rich126
Posts: 4824
Joined: Thu Mar 01, 2018 3:56 pm

Re: Fidelity Data Breach

Post by rich126 »

The problem with hacking isn't just avoiding company "x" because you might think it is more prone to hacking but the issue of how many other companies handle your data and are vulnerable. While a company like Fidelity might maintain all the data itself, that isn't true of many other companies. And even with Fidelity, how is your data handled for banking, ATM/Debit cards, etc.?

With medical facilities you have the facilities themselves trying to safeguard your data but then you have the billing companies that also have some access to your data.

After getting the letter from Change Health Care* recently where it seemed like everything possible was potentially compromised (driver's license, medical records, CC info, etc.) it just seems like the whole system is broken, accountability and punishment is non-existent and everything just falls to the individual consumer to fight identity theft.

I've worked in computer security/hacking and it is difficult. You have a lot of companies that simply don't want to spend money on it or take basic steps to do anything. They just want to put the blame on hackers. Things aren't going to get better any time soon.

*https://hyperproof.io/resource/understa ... nformation.
----------------------------- | If you think something is important and it doesn't involve the health of someone, think again. Life goes too fast, enjoy it and be nice.
safari
Posts: 776
Joined: Mon Nov 08, 2021 1:23 pm

Re: Fidelity Data Breach

Post by safari »

[Post merged into here --admin LadyGeek]

Fidelity really needs to get its act together when it comes to security. I just read an article, which I found mind-boggling.
Fidelity Investments, one of the world’s largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver’s licenses.

The Boston, Massachusetts-based investment firm said in a filing with Maine’s attorney general on Wednesday that an unnamed third party accessed information from its systems between August 17 and August 19 “using two customer accounts that they had recently established.”

“We detected this activity on August 19 and immediately took steps to terminate the access,” Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers’ Fidelity accounts.

Fidelity confirmed that a total of 77,099 customers were affected by the breach, and its completed review of the compromised data determined that customers’ personal information was affected. When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
tfb
Posts: 8411
Joined: Mon Feb 19, 2007 4:46 pm

Re: Fidelity Data Breach

Post by tfb »

techcrunch wrote:In another data breach notice filed with New Hampshire’s attorney general, Fidelity revealed that the third party “accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers.”
Suppose by logging in, a customer can retrieve a certain document pertaining to the customer itself. The system hosting the documents checked it was a logged in user but it didn't check the requested document id belongs to that user. Thus the hackers could retrieve another customer's document by altering the document id or account number in the request. The other customers' accounts weren't accessed but their documents were retrieved.
Harry Sit
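
The missing ownership check hypothesized in the post above, as an added example that is not part of any post in this thread and not Fidelity's code. The store, the `Session` type, the function names and the sample records are all hypothetical and constructed for illustration; Fidelity has not said how the access worked.

```python
from dataclasses import dataclass

# Constructed sample store: document id -> (owning customer id, content).
DOCUMENTS = {
    1001: ("cust-A", "image of cust-A's uploaded ID"),
    1002: ("cust-B", "image of cust-B's uploaded ID"),
    1003: ("cust-C", "image of cust-C's account application"),
}


@dataclass(frozen=True)
class Session:
    customer_id: str
    authenticated: bool


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def fetch_document_vulnerable(session, doc_id):
    """Checks only that the caller is logged in: the flaw the post describes."""
    if not session.authenticated:
        raise Forbidden("login required")
    if doc_id not in DOCUMENTS:
        raise NotFound(doc_id)
    return DOCUMENTS[doc_id][1]  # any logged-in customer gets any document


def fetch_document_hardened(session, doc_id, audit_log):
    """Requires login AND that the requested document belongs to the caller."""
    if not session.authenticated:
        raise Forbidden("login required")
    record = DOCUMENTS.get(doc_id)
    # Missing and foreign documents get the same answer, so the response
    # does not reveal which ids exist for other customers.
    if record is None or record[0] != session.customer_id:
        audit_log.append((session.customer_id, doc_id, "denied"))
        raise NotFound(doc_id)
    audit_log.append((session.customer_id, doc_id, "ok"))
    return record[1]


def accounts_over_denial_threshold(audit_log, threshold=2):
    """Detection side: customers denied on at least `threshold` distinct ids."""
    denied = {}
    for customer, doc_id, outcome in audit_log:
        if outcome == "denied":
            denied.setdefault(customer, set()).add(doc_id)
    return sorted(c for c, ids in denied.items() if len(ids) >= threshold)


if __name__ == "__main__":
    new_account = Session("cust-A", authenticated=True)
    # Vulnerable handler: a valid login is enough to read cust-B's document.
    print(fetch_document_vulnerable(new_account, 1002))
    log = []
    print(fetch_document_hardened(new_account, 1001, log))  # own document
    for other in (1002, 1003):
        try:
            fetch_document_hardened(new_account, other, log)
        except NotFound:
            print("denied", other)
    print(accounts_over_denial_threshold(log))
```

The audit log matters as much as the check: under the hardened handler, an account walking through ids it does not own shows up as a run of denials rather than as ordinary traffic.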
rkhusky
Posts: 19759
Joined: Thu Aug 18, 2011 8:09 pm

Re: Fidelity Data Breach

Post by rkhusky »

I noticed that the data breached included driver’s license. Why would Fidelity be storing a driver’s license for its customers?
rbd789
Posts: 471
Joined: Fri Jul 24, 2020 2:58 pm

Re: Fidelity Data Breach

Post by rbd789 »

rkhusky wrote: Sat Oct 12, 2024 10:36 am I noticed that the data breached included driver’s license. Why would Fidelity be storing a driver’s license for its customers?
The feds' terribly helpful "Know Your Customer" rules...
beyou
Posts: 7590
Joined: Sat Feb 27, 2010 2:57 pm
Location: If you can make it there

Re: [Split from "Fidelity as a one stop shop" thread - locked or restricted Fidelity account issues]

Post by beyou »

vtftw100 wrote: Thu Oct 10, 2024 10:38 am
I remember the first big data breach...it was Target. One school of thought was that because they had a breach (and likely buttoned up their systems), it would likely have better security going forward compared to say, Walmart.

I wonder if that panned out...

IOW, will Fidelity going forward possibly be more secure than Vanguard or Schwab?

Guess we'll have to see.
Nothing is going to fundamentally change until executives and other decision makers at these companies start getting held *personally* liable (i.e. penalties having a personal liability on them or they start going to prison). It may sound extreme but imagine if things were the other way around, someone's stupid mistake/callousness led to catastrophic bank losses, they'll likely be prosecuted. It's only the corporations that get away with such behavior.

Letting Equifax off the hook (with a fine) was the OG mistake. Since then we've had major breaches all over the place, some more significant than others (e.g. T-Mobile).
Worked in IT at multiple competitors.
The execs treat IT as a cost to minimize, and think we are interchangeable parts. This mentality leads to poor quality IT work. You need to vote with your feet and leave OR sue if you suffer losses. This and personal liability would get their attention to focus on quality over cost of IT.
rkhusky
Posts: 19759
Joined: Thu Aug 18, 2011 8:09 pm

Re: Fidelity Data Breach

Post by rkhusky »

rbd789 wrote: Sat Oct 12, 2024 3:02 pm
rkhusky wrote: Sat Oct 12, 2024 10:36 am I noticed that the data breached included driver’s license. Why would Fidelity be storing a driver’s license for its customers?
The feds' terribly helpful "Know Your Customer" rules...
I’ve never provided my license to a brokerage. I suppose I have though at other places when in person, like a doctor’s office where they want ID and insurance card.

Seems like a bad idea to store it online, but perhaps the doctor does too, although usually it’s a paper copy.
niagara_guy
Posts: 1356
Joined: Tue Feb 11, 2020 7:32 am

Re: Fidelity Data Breach

Post by niagara_guy »

DW got a letter from Fidelity yesterday, her data (ssn, Fido account number) were compromised in a data breach. Here's a link that looks similar:

https://www.foxnews.com/tech/over-77000 ... ata-breach
FireHorse
Posts: 226
Joined: Sat Nov 25, 2017 6:03 pm

Re: Fidelity Data Breach

Post by FireHorse »

I just got back from six week travel, and surprised to see a letter from Fidelity that my SS and account number are being compromised from August Fidelity data breach incident. It's unsettling but feel helpless :confused
The question is how about all our investments? Fidelity, Vanguard, Charles Schwab.... is anyone safe?
ladycat
Posts: 326
Joined: Fri Sep 28, 2018 5:02 pm

Re: Fidelity Data Breach

Post by ladycat »

Has anyone heard if Fidelity is at least changing the account numbers of the accounts that were compromised?
rich126
Posts: 4824
Joined: Thu Mar 01, 2018 3:56 pm

Re: Fidelity Data Breach

Post by rich126 »

FireHorse wrote: Wed Oct 23, 2024 3:19 pm I just got back from six week travel, and surprised to see a letter from Fidelity that my SS and account number are being compromised from August Fidelity data breach incident. It's unsettling but feel helpless :confused
The question is how about all our investments? Fidelity, Vanguard, Charles Schwab.... is anyone safe?
And someone doesn't have to get stuff from a company directly. Some breaches, say in health care, they might be able to get almost all of your identity info including SSN, address, DOB, phone, etc. and use it to convince a place that they are you. At times people have been able to get email addresses changed to the hackers' and then they have a lot of control.

A sad situation where no matter what you do, short of never giving info to anyone which is nearly impossible, your data can be hacked via some 3rd party such as a bill servicing provider, and you potentially could be in a lot of trouble.

I'm thinking the only thing saving people is that there is so much data out there and others will be more unlucky than you. I'm not good at tracking this stuff but over the last 20 years how many hacks have there been? I'm guessing most of us have had some form of their data compromised at least 5+ times over the last decade. I think Equifax or one of the credit bureaus had issues.
----------------------------- | If you think something is important and it doesn't involve the health of someone, think again. Life goes too fast, enjoy it and be nice.
mouth
Posts: 749
Joined: Sun Apr 19, 2015 6:40 am

Re: Fidelity Data Breach

Post by mouth »

toddthebod wrote: Thu Oct 10, 2024 6:15 pm
CardinalRule wrote: Thu Oct 10, 2024 6:08 pm

That’s the part that befuddles and interests me. I guess we will eventually learn how this scheme worked.
The account was registered to one Robert'); UPDATE UserTable SET Password = NULL.
Little Bobby Drop Tables would be so proud.
Dottie57
Posts: 13221
Joined: Thu May 19, 2016 5:43 pm
Location: U.S.

Re: [Split from "Fidelity as a one stop shop" thread - locked or restricted Fidelity account issues]

Post by Dottie57 »

beyou wrote: Sat Oct 12, 2024 4:37 pm
vtftw100 wrote: Thu Oct 10, 2024 10:38 am

Nothing is going to fundamentally change until executives and other decision makers at these companies start getting held *personally* liable (i.e. penalties having a personal liability on them or they start going to prison). It may sound extreme but imagine if things were the other way around, someone's stupid mistake/callousness led to catastrophic bank losses, they'll likely be prosecuted. It's only the corporations that get away with such behavior.

Letting Equifax off the hook (with a fine) was the OG mistake. Since then we've had major breaches all over the place, some more significant than others (e.g. T-Mobile).
Worked in IT at multiple competitors.
The execs treat IT as a cost to minimize, and think we are interchangeable parts. This mentality leads to poor quality IT work. You need to vote with your feet and leave OR sue if you suffer losses. This and personal liability would get their attention to focus on quality over cost of IT.
This. I was told I was a cost to minimize.
Life is more than grinding it out in some drab office setting for an arbitrary number. This isn't a videogame where the higher score is better. -Nathan Drake
toddthebod
Posts: 7995
Joined: Wed May 18, 2022 12:42 pm

Re: Fidelity Data Breach

Post by toddthebod »

mouth wrote: Wed Oct 23, 2024 4:08 pm
toddthebod wrote: Thu Oct 10, 2024 6:15 pm

The account was registered to one Robert'); UPDATE UserTable SET Password = NULL.
Little Bobby Drop Tables would be so proud.
It was an obscure reference but we have a winner!
mouth
Posts: 749
Joined: Sun Apr 19, 2015 6:40 am

Re: Fidelity Data Breach

Post by mouth »

toddthebod wrote: Wed Oct 23, 2024 4:41 pm
mouth wrote: Wed Oct 23, 2024 4:08 pm
Little Bobby Drop Tables would be so proud.
It was an obscure reference but we have a winner!
Never fails to amuse :twisted: :beer
bhoppy
Posts: 4
Joined: Sat Oct 22, 2022 1:56 pm

Re: Fidelity Data Breach

Post by bhoppy »

With a family member impacted, I can tell you Fidelity's customer service folks answering the questions can provide little or no helpful information about what or how this happened. Post above related to the new account creation process and uploading of documents is the best information I have seen and correlates with an account opening for my family member. The TransUnion credit monitoring offer for 2 years is a small CYA remedy for a potential long time problem... Not loving Fidelity service or responses today and makes me think about any further consolidation of accounts with them. Will likely always have a plan B... Anyone else get any better answers or recourse from Fidelity?
minion26
Posts: 1
Joined: Tue Oct 29, 2024 11:49 am

Re: Fidelity Data Breach

Post by minion26 »

After receiving a letter regarding the data breach, I called the dedicated customer service number that Fidelity provided to answer questions. With multiple accounts from various employers over the years, I wanted to find out what Fidelity and non-Fidelity account information was accessed. I first spoke to a customer service agent whose script consisted of the press release that Fidelity had published. He was nice enough and escalated the call to his supervisor. The supervisor refused to provide any additional information and refused to escalate the call any further. The supervisor was borderline rude and showed no empathy to helping secure my accounts other than sign up for the credit monitoring. As a retired compliance officer from a Fortune 100 company, I requested a contact within Fidelity's privacy department to further discuss my concerns with Fidelity's response. The supervisor refused to provide that information. He did not even provide basic guidance like changing access passwords or account numbers. Worst customer service experience ever.

After the call I looked on Fidelity's website for a link to their compliance/privacy hotline. Most companies publish an easy to find link to a compliance/privacy hotline to meet DOJ compliance requirements. Fidelity is an exception.