
More Than 77,000 Affected by Fidelity Investments Data Breach

Was access gained from broken access control within Fidelity's web apps?


Fidelity Investments had information from 77,009 individuals compromised following a data breach in August.

According to SC US, attackers were able to exfiltrate certain customer information from the US multinational financial services firm between August 17th and 19th after using two newly created customer accounts, which were immediately taken down.

A breach notice issued by the Boston-based firm did not reveal details regarding the nature of the stolen data, but the company emphasised that the incident involved neither ransomware nor fund compromise.

ColorTokens field chief technology officer Venky Raju noted that the breach potentially stemmed from broken access control within Fidelity's web apps, while Critical Start cyber threat intelligence research analyst Sarah Jones believes that the threat actors may have been primarily seeking information for future attacks.

“The 'beachhead' theory, where attackers establish a foothold to launch further attacks, is a common tactic in such incidents,” Jones said. “Although Fidelity assures customers that their accounts and funds were not directly accessed, the breach raises concerns about the security of personal information, increasing the risk of identity theft, fraud, or other malicious activities.”

