In August, a risk actor compromised the knowledge of 77,099 Fidelity Investments consumers in Maine, the monetary company mentioned in a breach notification letter to hundreds of shoppers on Oct. 9.

The attacker didn’t get admission to budget in Fidelity funding accounts. However, the hacker acquired non-public knowledge — together with Social Security numbers and motive force’s licenses — and created two new buyer accounts. In reaction, Fidelity close down the attacker’s get admission to and introduced affected consumers a credit score tracking and id recovery carrier.

“We take this incident and the security of your information very seriously,” the Fidelity Investments Private Office wrote in a pattern understand drafted for Maine citizens. “As noted above, upon detecting this activity, we promptly took steps to terminate the activity and address this incident.”

Elements of cyberattack stay unknown

According to Fidelity’s information breach notification within the state of Maine, the assault passed off between Aug. 17 and 19. As of this writing, Fidelity has now not disclosed how the attacker received get admission to or what facets of the brand new accounts allowed them to navigate during the machine.

“The information obtained by the third party related to a small subset of our customers,” Fidelity wrote.

SEE: It’s that point once more: Microsoft and Apple each have main updates round Patch Tuesday.

Along with shutting the attacker’s door into the machine, Fidelity introduced in exterior safety professionals to lend a hand with the investigation. The reaction used to be urged, Fidelity mentioned. The corporate introduced credit score tracking and id recovery products and services, which might flag any odd task within the affected consumers’ funding accounts.

This isn’t Fidelity’s first brush with cyberattackers. In March, Fidelity filed a disclosure pronouncing consumers’ non-public knowledge were uncovered in a ransomware assault. In that case, hackers broke into Infosys McCamish Systems via its IT methods in November 2023. The October disclosure seems unrelated to that assault.

Take precautions with accounts containing delicate knowledge

Fidelity reminded consumers to watch their very own accounts for doable fraud or different suspicious conduct. They additionally direct consumers to directions for putting a fraud alert or credit score document. Their suggestions come with:

• Regularly assessment your statements to your monetary and different accounts.
• Monitor your credit score reviews.
• Promptly document any suspicious task on your monetary establishment, native legislation enforcement, or your suitable state authority.

When reached for remark, Fidelity showed the ideas offered within the draft breach notification.

“We recognize our customers may have questions about this event and we have resources in place to assist them,” Fidelity mentioned in a observation equipped through Corporate External Communications Head Michael Aalto. “Fidelity takes its responsibility to serve customers and safeguard information seriously.”