Fidelity Data Breach
Fidelity Data Breach
[Moved into a new thread from: [Split from "Fidelity as a one stop shop" thread - locked or restricted Fidelity account issues] --admin LadyGeek]
In an ever escalating series of events, looks like Fidelity suffered a data breach in mid-August using "recently established accounts" -- https://techcrunch.com/2024/10/10/fidel ... customers/
In an ever escalating series of events, looks like Fidelity suffered a data breach in mid-August using "recently established accounts" -- https://techcrunch.com/2024/10/10/fidel ... customers/
-
- Posts: 1583
- Joined: Thu Apr 22, 2021 3:29 pm
Re: Fidelity Data Breach
I remember the first big data breach...it was Target. One school of thought was that because they had a breach (and likely buttoned up their systems), it would likely have better security going forward compared to say, Walmart.vtftw100 wrote: ↑Thu Oct 10, 2024 7:23 am In an ever escalating series of events, looks like Fidelity suffered a data breach in mid-August using "recently established accounts" -- https://techcrunch.com/2024/10/10/fidel ... customers/
I wonder if that panned out...
IOW, will Fidelity going forward possibly be more secure than Vanguard or Schwab?
Guess we'll have to see.
-
- Posts: 683
- Joined: Mon Jun 16, 2014 10:44 am
Fidelity Data Breach
[Posts merged into here --admin LadyGeek]
https://techcrunch.com/2024/10/10/fidel ... customers/
They haven't disclosed details of lost information but be aware of your credit reports and make sure they are frozen.
https://techcrunch.com/2024/10/10/fidel ... customers/
They haven't disclosed details of lost information but be aware of your credit reports and make sure they are frozen.
- TheTimeLord
- Posts: 12487
- Joined: Fri Jul 26, 2013 2:05 pm
Re: Fidelity Data Breach
I would highlight this portion of the article.stilllurking wrote: ↑Thu Oct 10, 2024 10:26 am https://techcrunch.com/2024/10/10/fidel ... customers/
They haven't disclosed details of lost information but be aware of your credit reports and make sure they are frozen.
“We detected this activity on August 19 and immediately took steps to terminate the access,” Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers’ Fidelity accounts.
IMHO, Investing should be about living the life you want, not avoiding the life you fear. |
Run, You Clever Boy! [9085]
-
- Posts: 365
- Joined: Fri May 03, 2024 8:05 am
Re: Fidelity Data Breach
With the apparent ease with which everyone is being hacked, how long before our accounts start being drained with impunity?
Re: [Split from "Fidelity as a one stop shop" thread - locked or restricted Fidelity account issues]
Nothing is going to fundamentally change until executives and other decision makers at these companies start getting held *personally* liable (i.e. penalties having a personal liability on them or they start going to prison). It may sound extreme but imagine if things were the other way around, someone's stupid mistake/callousness led to catastrophic bank losses, they'll likely be prosecuted. It's only the corporations that get away with such behavior.I remember the first big data breach...it was Target. One school of thought was that because they had a breach (and likely buttoned up their systems), it would likely have better security going forward compared to say, Walmart.
I wonder if that panned out...
IOW, will Fidelity going forward possibly be more secure than Vanguard or Schwab?
Guess we'll have to see.
Letting Equifax off the hook (with a fine) was the OG mistake. Since then we've had major breaches all over the place, some more significant than others (e.g. T-Mobile).
Re: Fidelity Data Breach
Yikes. I wonder if this is related to the other issues (check kiting, Net Benefits authentication). They are clearly under attack by aggressors who know their vulnerabilities. If this is a third one then its almost like someone who had their list of cybersecurity vulnerabilities handed them over to bad guys (or is the bad guy).It is not immediately clear how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
-
- Posts: 365
- Joined: Fri May 03, 2024 8:05 am
Re: Fidelity Data Breach
AI will be making it worse soon.
Re: Fidelity Data Breach
Soon is today. The bad guys have been gathering data for decades and now have the ability to use it.
Re: Fidelity Data Breach
The more I think about these events, I wonder if an internal risk and vulnerability assessment was exfiltrated and the bad guys are now working their way through them as a checklist. Three in a few months seems like more than a coincidence. Could be a disgruntled employee, breached by a consultant, or exfiltrated from a corporate network (three possibilities among many other things that could go wrong).
-
- Posts: 16
- Joined: Tue Feb 13, 2024 10:19 am
Re: Fidelity Data Breach
Link to another site with the story. https://www.bleepingcomputer.com/news/s ... 00-people/
Re: Fidelity Data Breach
[Post merged into here ---admin LadyGeek]
Looks like Fidelity fruit is ripe for the picking in more ways than discussed
https://techcrunch.com/2024/10/10/fidel ... customers/
Looks like Fidelity fruit is ripe for the picking in more ways than discussed
https://techcrunch.com/2024/10/10/fidel ... customers/
Fidelity confirmed that a total of 77,099 customers were affected by the breach, and its completed review of the compromised data determined that customers’ personal information was affected. When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
In another data breach notice filed with New Hampshire’s attorney general, Fidelity revealed that the third party “accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers.”
Fidelity said the data breach included customers’ Social Security numbers and driver’s licenses, according to a separate data breach notice filed by Fidelity with the Massachusetts’ attorney general.
- CardinalRule
- Posts: 1301
- Joined: Sun Jan 15, 2017 10:01 am
- Location: United States
Re: Fidelity Data Breach
That’s the part that befuddles and interests me. I guess we will eventually learn how this scheme worked.neowiser wrote: ↑Thu Oct 10, 2024 3:14 pm [Post merged into here ---admin LadyGeek]
https://techcrunch.com/2024/10/10/fidel ... customers/
When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
-
- Posts: 7995
- Joined: Wed May 18, 2022 12:42 pm
Re: Fidelity Data Breach
The account was registered to one Robert'); UPDATE UserTable SET Password = NULL.CardinalRule wrote: ↑Thu Oct 10, 2024 6:08 pmThat’s the part that befuddles and interests me. I guess we will eventually learn how this scheme worked.neowiser wrote: ↑Thu Oct 10, 2024 3:14 pm [Post merged into here ---admin LadyGeek]
https://techcrunch.com/2024/10/10/fidel ... customers/
Re: Fidelity Data Breach
Hey, how did you know my password??toddthebod wrote: ↑Thu Oct 10, 2024 6:15 pmThe account was registered to one Robert'); UPDATE UserTable SET Password = NULL.CardinalRule wrote: ↑Thu Oct 10, 2024 6:08 pm
That’s the part that befuddles and interests me. I guess we will eventually learn how this scheme worked.
- AllMostThere
- Posts: 1101
- Joined: Sat Dec 31, 2016 1:04 pm
Re: Fidelity Data Breach
Hmmm. On same note, I believe we can assume that AI will assist with identifying and closing security weaknesses. Data breaches are now a form of AI Wack-a-mole with many companies trying to minimize the thud felt by customers.
Stop thinking about what money can buy. Start thinking about what your money can earn. - Author JL Collins |
Dream as if you’ll live forever. Live as if you’ll die today. - Author James Dean
-
- Posts: 93
- Joined: Fri Mar 18, 2011 6:54 pm
Re: Fidelity Data Breach
It seems like once a month either my wife or I get notification that our data has been compromised. It is usually related to a medical provider. Having worked in the IT security field, it is my opinion that these compromises are happening more often because there is little deterrent for them to prevent it. It takes resources, both in the form of infrastructure and qualified personnel to safeguard against this and that translates to money. Until hefty fines are levied for breaches, expect this to continue and probably worsen. I am not saying that Fidelity is one of those that are not doing diligence to safeguard customers and I highly doubt they are since data security is such a vital part of their business.
-
- Posts: 365
- Joined: Fri May 03, 2024 8:05 am
Re: Fidelity Data Breach
TrueAllMostThere wrote: ↑Fri Oct 11, 2024 5:17 amHmmm. On same note, I believe we can assume that AI will assist with identifying and closing security weaknesses. Data breaches are now a form of AI Wack-a-mole with many companies trying to minimize the thud felt by customers.
Re: Fidelity Data Breach
This note is a bit odd, it would appear that the hackers accessed the database with a list of customers profiles (or details), not the actual Fidelity accounts.
https://www.bleepingcomputer.com/news/s ... 00-people/
"When asked how the attacker could access the data of thousands of customers using two accounts they previously created, Michael Aalto, Fidelity's head of external corporate comms, told BleepingComputer they couldn't share that information and added that "they did not view accounts. They viewed customer information"."
https://www.bleepingcomputer.com/news/s ... 00-people/
"When asked how the attacker could access the data of thousands of customers using two accounts they previously created, Michael Aalto, Fidelity's head of external corporate comms, told BleepingComputer they couldn't share that information and added that "they did not view accounts. They viewed customer information"."
"Everything in Moderation, including Moderation"
Re: Fidelity Data Breach
It is pretty insane when there are 1,799,639 breaches affecting residents in just the state of Maine in 2024: https://www.mass.gov/doc/data-breach-re ... 9521f97343
"The total number of breaches affecting Maine residents: 1,799,639"
=====
The Data Security Breaches in California appear to be much larger: https://oag.ca.gov/privacy/databreach/list
Searching on Fidelity breaches in California....
Organization Name Date(s) of Breach Reported Date
Fidelity Investments 08/17/2024 10/09/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company 10/29/2023 07/19/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company 10/29/2023 03/18/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company 10/29/2023, 11/02/2023 03/01/2024
Fidelity National Information Services, Inc. 05/27/2023 11/09/2023
Fidelity National Information Services, Inc. 05/27/2023, 05/31/2023 10/04/2023
Fidelity National Information Services, Inc. 05/27/2023, 05/31/2023 09/19/2023
Fidelity National Information Services, Inc. 05/27/2023 08/11/2023
Fidelity Life Association 05/29/2023, 05/30/2023 07/25/2023
Fidelity National Financial, Inc. 04/14/2014, 04/16/2014 10/24/2014
Fidelity National Financial, Inc. 07/01/2013, 11/01/2013 06/13/2014
Fidelity Investments (on behalf of Oracle Corporation) 07/10/2013 07/31/2013
"The total number of breaches affecting Maine residents: 1,799,639"
=====
The Data Security Breaches in California appear to be much larger: https://oag.ca.gov/privacy/databreach/list
Searching on Fidelity breaches in California....
Organization Name Date(s) of Breach Reported Date
Fidelity Investments 08/17/2024 10/09/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company 10/29/2023 07/19/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company 10/29/2023 03/18/2024
Fidelity Investments Life Insurance Company & Empire Fidelity Investments Life Insurance Company 10/29/2023, 11/02/2023 03/01/2024
Fidelity National Information Services, Inc. 05/27/2023 11/09/2023
Fidelity National Information Services, Inc. 05/27/2023, 05/31/2023 10/04/2023
Fidelity National Information Services, Inc. 05/27/2023, 05/31/2023 09/19/2023
Fidelity National Information Services, Inc. 05/27/2023 08/11/2023
Fidelity Life Association 05/29/2023, 05/30/2023 07/25/2023
Fidelity National Financial, Inc. 04/14/2014, 04/16/2014 10/24/2014
Fidelity National Financial, Inc. 07/01/2013, 11/01/2013 06/13/2014
Fidelity Investments (on behalf of Oracle Corporation) 07/10/2013 07/31/2013
"Everything in Moderation, including Moderation"
Re: Fidelity Data Breach
The problem with hacking isn't just avoiding company "x" because you might think it is more prone to hacking but the issue of how many other companies handle your data and are vulnerable. While a company like Fidelity might maintain all the data itself, that isn't true of many other companies. And even with Fidelity, how is your data handled for banking, ATM/Debit cards, etc. ?
With medical facilities you have the facilities themselves trying to safeguard your data but then you have the billing companies that also have some access to your data.
After getting the letter from Change Health Care* recently where it seemed like everything possible was potentially compromised (driver's license, medical records, CC info, etc.) it just seems like the whole system is broken, accountability and punishment is non-existent and everything just falls to the individual consumer to fight identity theft.
I've worked in computer security/hacking and it is difficult. You have a lot of companies that simply don't want to spend money on it or take basic steps to do anything. They just want to put the blame on hackers. Things aren't going to get better any time soon.
*https://hyperproof.io/resource/understa ... nformation.
With medical facilities you have the facilities themselves trying to safeguard your data but then you have the billing companies that also have some access to your data.
After getting the letter from Change Health Care* recently where it seemed like everything possible was potentially compromised (driver's license, medical records, CC info, etc.) it just seems like the whole system is broken, accountability and punishment is non-existent and everything just falls to the individual consumer to fight identity theft.
I've worked in computer security/hacking and it is difficult. You have a lot of companies that simply don't want to spend money on it or take basic steps to do anything. They just want to put the blame on hackers. Things aren't going to get better any time soon.
*https://hyperproof.io/resource/understa ... nformation.
----------------------------- |
If you think something is important and it doesn't involve the health of someone, think again. Life goes too fast, enjoy it and be nice.
Re: Fidelity Data Breach
[Post merged into here --admin LadyGeek]
Fidelity really needs to get its act together when it comes to security. I just read an article, which I found mind-boggling.
Fidelity really needs to get its act together when it comes to security. I just read an article, which I found mind-boggling.
Fidelity Investments, one of the world’s largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver’s licenses.
The Boston, Massachusetts-based investment firm said in a filing with Maine’s attorney general on Wednesday that an unnamed third party accessed information from its systems between August 17 and August 19 “using two customer accounts that they had recently established.”
“We detected this activity on August 19 and immediately took steps to terminate the access,” Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers’ Fidelity accounts.
Fidelity confirmed that a total of 77,099 customers were affected by the breach, and its completed review of the compromised data determined that customers’ personal information was affected. When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
Re: Fidelity Data Breach
Suppose by logging in, a customer can retrieve a certain document pertaining to the customer itself. The system hosting the documents checked it was a logged in user but it didn't check the requested document id belongs to that user. Thus the hackers could retrieve another customer's document by altering the document id or account number in the request. The other customers' accounts weren't accessed but their documents were retrieved.techcrunch wrote:In another data breach notice filed with New Hampshire’s attorney general, Fidelity revealed that the third party “accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers.”
Harry Sit
Re: Fidelity Data Breach
I noticed that the data breached included driver’s license. Why would Fidelity be storing a driver’s license for its customers?
Re: [Split from "Fidelity as a one stop shop" thread - locked or restricted Fidelity account issues]
Worked in IT at multiple competitors.vtftw100 wrote: ↑Thu Oct 10, 2024 10:38 amNothing is going to fundamentally change until executives and other decision makers at these companies start getting held *personally* liable (i.e. penalties having a personal liability on them or they start going to prison). It may sound extreme but imagine if things were the other way around, someone's stupid mistake/callousness led to catastrophic bank losses, they'll likely be prosecuted. It's only the corporations that get away with such behavior.I remember the first big data breach...it was Target. One school of thought was that because they had a breach (and likely buttoned up their systems), it would likely have better security going forward compared to say, Walmart.
I wonder if that panned out...
IOW, will Fidelity going forward possibly be more secure than Vanguard or Schwab?
Guess we'll have to see.
Letting Equifax off the hook (with a fine) was the OG mistake. Since then we've had major breaches all over the place, some more significant than others (e.g. T-Mobile).
The execs treat IT as a cost to minimize, and think we are interchangeable parts. This mentality leads to poor quality IT work. You need to vote with your feet and leave OR sue if you suffer losses. This and personal liability would get their attention to focus on quality over cost of IT.
Re: Fidelity Data Breach
I’ve never provided my license to a brokerage. I suppose I have though at other places when in person, like a doctor’s office where they want ID and insurance card.
Seems like a bad idea to store it online, but perhaps the doctor does too, although usually it’s a paper copy.
-
- Posts: 1356
- Joined: Tue Feb 11, 2020 7:32 am
Re: Fidelity Data Breach
DW got a letter from Fidelity yesterday, her data (ssn, Fido account number) were compromised in a data breach. Here's a link that looks similar:
https://www.foxnews.com/tech/over-77000 ... ata-breach
https://www.foxnews.com/tech/over-77000 ... ata-breach
Re: Fidelity Data Breach
I just got back from six week travel, and surprised to see a letter from Fidelity that my SS and account number are being compromised from August Fidelity data breach incident. Its unsettling but feel helpless
The question is how about all our investments? Fidelity, Vanguard, Charles Schwab.... are anyone safe?
The question is how about all our investments? Fidelity, Vanguard, Charles Schwab.... are anyone safe?
Re: Fidelity Data Breach
Has anyone heard if Fidelity is at least changing the account numbers of the accounts that were compromised?
Re: Fidelity Data Breach
And someone doesn't have to get stuff from a company directly. Some breaches, say in health care, they might be able to get almost all of your identity info including SSN, address, DOB, phone, etc. and use it to convince a place that they are you. At times people have been able to get email addresses changes to the hackers and then they have a lot of control.FireHorse wrote: ↑Wed Oct 23, 2024 3:19 pm I just got back from six week travel, and surprised to see a letter from Fidelity that my SS and account number are being compromised from August Fidelity data breach incident. Its unsettling but feel helpless
The question is how about all our investments? Fidelity, Vanguard, Charles Schwab.... are anyone safe?
A sad situation where no matter what you do, short of never giving info to anyone which is nearly impossible, your data can be hacked via some 3rd party such as a bill servicing provider, and you potentially could be in a lot of trouble.
I'm thinking the only thing saving people are that there is so much data out there and others will be more unlucky than you. I'm not good at tracking this stuff but over the last 20 years how many hacks have there been? I'm guessing most of us have had some form of their data compromised at least 5+ times over the last decade. I think Equifax or one of the credit bureaus had issues.
----------------------------- |
If you think something is important and it doesn't involve the health of someone, think again. Life goes too fast, enjoy it and be nice.
Re: Fidelity Data Breach
Little Bobby Drop Tables would be so proud.toddthebod wrote: ↑Thu Oct 10, 2024 6:15 pmThe account was registered to one Robert'); UPDATE UserTable SET Password = NULL.CardinalRule wrote: ↑Thu Oct 10, 2024 6:08 pm
That’s the part that befuddles and interests me. I guess we will eventually learn how this scheme worked.
Re: [Split from "Fidelity as a one stop shop" thread - locked or restricted Fidelity account issues]
This. I was told I was a cost to minimize.beyou wrote: ↑Sat Oct 12, 2024 4:37 pmWorked in IT at multiple competitors.vtftw100 wrote: ↑Thu Oct 10, 2024 10:38 am
Nothing is going to fundamentally change until executives and other decision makers at these companies start getting held *personally* liable (i.e. penalties having a personal liability on them or they start going to prison). It may sound extreme but imagine if things were the other way around, someone's stupid mistake/callousness led to catastrophic bank losses, they'll likely be prosecuted. It's only the corporations that get away with such behavior.
Letting Equifax off the hook (with a fine) was the OG mistake. Since then we've had major breaches all over the place, some more significant than others (e.g. T-Mobile).
The execs treat IT as a cost to minimize, and think we are interchangeable parts. This mentality leads to poor quality IT work. You need to vote with your feet and leave OR sue if you suffer losses. This and personal liability would get their attention to focus on quality over cost of IT.
Life is more than grinding it out in some drab office setting for an arbitrary number. This isn't a videogame where the higher score is better. -Nathan Drake
-
- Posts: 7995
- Joined: Wed May 18, 2022 12:42 pm
Re: Fidelity Data Breach
It was an obscure reference but we have a winner!mouth wrote: ↑Wed Oct 23, 2024 4:08 pmLittle Bobby Drop Tables would be so proud.toddthebod wrote: ↑Thu Oct 10, 2024 6:15 pm
The account was registered to one Robert'); UPDATE UserTable SET Password = NULL.
Re: Fidelity Data Breach
Never fails to amuse
Re: Fidelity Data Breach
with a family member impacted, i can tell you fidelity's customer service folks answering the questions can provide little or no helpful information about what or how this happened. post above related to the new account creation process and uploading of documents is the best information i have seen and correlates with an account opening for my family member. The transunion credit monitoring offer for 2 years is a small CYA remedy for a potential long time problem... not loving fidelity service or responses today and makes me think about any further consolidation of accounts with them. will likely always have a plan b... anyone else get any better answers or recourse from fidelity?
Re: Fidelity Data Breach
After receiving a letter regarding the data breach, I called the dedicated customer service number that Fidelity provided to answer questions. With multiple accounts from various employers over the years, I wanted to find out what Fidelity and non-Fidelity account information was accessed. I first spoke to a customer service agent whose script consisted of the press release that Fidelity had published. He was nice enough and escalated the call to his supervisor. The supervisor refused to provide any additional information and refused to escalate the call any further. The supervisor was borderline rude and showed no empathy to helping secure my accounts other than sign up for the credit monitoring. As a retired compliance officer from a Fortune 100 company, I requested a contact within Fidelity's privacy department to further discuss my concerns with Fidelity's response. The supervisor refused to provide that information. He did not even provide basic guidance like changing access passwords or account numbers. Worst customer service experience ever.
After the call I looked on Fidelity's website for a link to their compliance/privacy hotline. Most companies publish an easy to find link to a compliance/privacy hotline to meet DOJ compliance requirements. Fidelity is an exception.
After the call I looked on Fidelity's website for a link to their compliance/privacy hotline. Most companies publish an easy to find link to a compliance/privacy hotline to meet DOJ compliance requirements. Fidelity is an exception.