Fidelity Investments Leaks Data of 77k Through Common Weakness


Fidelity Investments, a prominent Boston-based financial services company, recently experienced a data breach affecting more than 77,000 customers across 11 countries. Between August 17 and 19, cybercriminals gained unauthorized access through two newly established customer accounts.

Attackers allegedly used these new account credentials to query other customers’ account details, utilising the common “Broken Access Control” weakness.
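The weakness class named above, as an added illustration that is not drawn from Fidelity's disclosure or systems: a server-side ownership check on every record lookup, plus a detection pass that flags recently created accounts reading several other customers' records. All account ids, record ids, dates, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (assumption): account creation times and record owners.
ACCOUNT_CREATED = {
    "acct-1001": datetime(2029, 3, 1),
    "acct-9001": datetime(2030, 1, 1),   # newly opened account
}
RECORD_OWNER = {"rec-A": "acct-1001", "rec-B": "acct-2002",
                "rec-C": "acct-3003", "rec-Z": "acct-9001"}

# Constructed access log: (timestamp, authenticated account, requested record).
ACCESS_LOG = [
    (datetime(2030, 1, 2, 9, 0), "acct-1001", "rec-A"),
    (datetime(2030, 1, 2, 9, 5), "acct-9001", "rec-Z"),
    (datetime(2030, 1, 2, 9, 6), "acct-9001", "rec-A"),
    (datetime(2030, 1, 2, 9, 7), "acct-9001", "rec-B"),
    (datetime(2030, 1, 3, 1, 2), "acct-9001", "rec-C"),
]

def is_authorized(account_id, record_id):
    """Object-level check: a customer may read only records they own.
    Unknown records are denied rather than allowed by default."""
    return RECORD_OWNER.get(record_id) == account_id

def fetch_record(account_id, record_id):
    """Hardened lookup: ownership is enforced on every request, so a valid
    login alone never grants access to another customer's record."""
    if not is_authorized(account_id, record_id):
        raise PermissionError(f"{account_id} may not read {record_id}")
    return {"record": record_id, "owner": account_id}

def flag_cross_customer_access(log, new_window=timedelta(days=7), threshold=2):
    """Return {account: sorted other owners} for accounts created within
    new_window of the access that touched >= threshold other customers."""
    foreign = defaultdict(set)
    for ts, account, record in log:
        owner = RECORD_OWNER.get(record)
        created = ACCOUNT_CREATED.get(account)
        if owner is None or owner == account or created is None:
            continue
        if ts - created <= new_window:
            foreign[account].add(owner)
    return {a: sorted(o) for a, o in foreign.items() if len(o) >= threshold}

if __name__ == "__main__":
    print(flag_cross_customer_access(ACCESS_LOG))
```

The same detection pass is worth running over denied requests once the ownership check is in place, since repeated denials from a new account are an early signal of probing.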

The breach was promptly detected on August 19, and Fidelity immediately launched an investigation in collaboration with external cybersecurity experts. Fortunately, no customer accounts were compromised, and there is no indication of any misuse of the stolen data.

As a precautionary measure, Fidelity is offering two years of complimentary credit monitoring and identity restoration services to those affected. This step is intended to help customers protect their financial identities in the aftermath of the incident.

Fidelity urges affected customers to enrol in the credit monitoring services provided and remain vigilant for any signs of fraudulent activity. Additionally, customers are advised to regularly review their credit reports and report any suspicious activity to their financial institutions, law enforcement, or state authorities without delay.

We are seeing increased threats in the financial services industry, including other recent breaches:
Man stole $37m in Crypto from Financial Firm’s Clients

Sources:
Fidelity Investments Sample Letter
https://owasp.org/Top10/A01_2021-Broken_Access_Control/
