
Fidelity Investments Data Breach Affects 77,099 Customers

 

Fidelity Investments recently disclosed a data breach that impacted 77,099 customers, with details made public in an October 9 filing with the Maine Attorney General’s Office. The breach occurred on August 17, 2024, and was discovered two days later on August 19. According to a letter sent to those affected, unauthorized access was gained to two newly established customer accounts. Using these accounts, the attackers were able to view and obtain personal information, although Fidelity noted that account balances or transactions were not viewed. 

While Fidelity did not disclose the specific types of data stolen, it is offering affected customers 24 months of free credit monitoring and identity restoration services through TransUnion. The absence of service disruptions during the breach suggests that the attack was likely not ransomware-based, although the form of the attack remains undisclosed. Fidelity’s spokesperson, when addressing the breach, said the attackers “viewed customer information” without directly accessing customer accounts. Security experts believe that this kind of attack likely exploited a vulnerability in Fidelity’s web applications.

Venky Raju, the field chief technology officer at ColorTokens, noted that the attack vector likely involved a misconfiguration in customer-facing applications, allowing the attackers to establish new accounts and access customer information through them. This method aligns with known vulnerabilities in web security, including those listed in the OWASP Top 10 Web Application Security Risks. Exploiting these vulnerabilities can allow attackers to bypass account security and access sensitive data. Cybersecurity analysts have speculated that the breach was primarily an information-gathering exercise. According to Sarah Jones, a cyberthreat intelligence research analyst at Critical Start, the motive behind the breach likely involved gathering data that could be used for future attacks. 

Such future attacks could range from identity theft and phishing campaigns to more severe scenarios like ransomware demands. The personal information obtained through such breaches can be valuable on its own, or it can serve as a means for launching further, more sophisticated cyberattacks. As the investigation continues, Fidelity is working with external cybersecurity experts to understand the scope of the breach and to implement additional security measures. Customers are encouraged to stay vigilant and monitor their accounts for unusual activity. By providing affected users with credit monitoring and identity restoration services, Fidelity aims to mitigate the risks posed by the breach while ensuring that proper measures are put in place to prevent future incidents.

While the exact impact of the data breach remains unclear, it serves as another reminder of the growing threats to personal information in the digital age. The evolving tactics of cybercriminals, particularly in exploiting vulnerabilities in web applications, highlight the importance of continuous security assessments and prompt responses to emerging threats.

Fidelity Faces Second Data Breach Linked to Third-Party Provider: Infosys McCamish

 

Fidelity Investments Life Insurance Company (FILI) faces another data breach challenge as it discloses a breach affecting a significant number of individuals. The breach, linked to third-party service provider Infosys McCamish (IMS), heightens worries over data security in today's digital landscape. 

Approximately 28,268 individuals have been notified by Fidelity regarding the breach. Although IMS could not pinpoint the exact data accessed, it is suspected to include sensitive information like names, Social Security numbers, states of residence, bank account and routing numbers, and dates of birth. 

This unfortunate incident marks the second instance this year alone where Fidelity has had to inform customers of data compromise due to a third-party breach involving IMS. Last month, Bank of America faced a similar ordeal following a ransomware attack on IMS, affecting over 57,000 customers. 

Remarkably, the data accessed in both breaches appears to be of a similar nature, prompting concerns over the underlying vulnerability in IMS's systems. As investigations into the breach continue, questions loom over whether IMS's woes are linked to the same cyber incident. 

What exactly is a third-party data breach? 

Essentially, it occurs when a vendor or supplier's system is compromised, resulting in the theft of data belonging to you or your organization. This means that even though you may have entrusted your data to a third party for various services or goods, their system becomes a target for cybercriminals. 

But who exactly are these third parties? 

They are organizations with which your company has established a business relationship to provide goods, access, or services for your use. These critical third parties often require access to sensitive data to fulfil their services, thereby increasing your company's attack surface. 

Why is this a cause for concern? 

Well, when a critical third party experiences a breach, it can have severe repercussions for your organization. Not only does it compromise the security of your data, but it also exposes you to significant risks. This underscores the importance of thoroughly vetting and monitoring third-party vendors to mitigate potential security threats. 

In essence, understanding third-party data breaches is crucial for safeguarding your organization's data and reputation. By implementing robust security measures and carefully managing your business relationships, you can better protect yourself against the risks posed by third-party breaches. 

Some Background on Fidelity

Fidelity Investments, headquartered in Boston, Massachusetts, has been a powerhouse in the financial services sector since its founding in 1946. Boasting $4.3 trillion in assets under management and $10.3 trillion under administration as of December 2022, Fidelity is globally recognized as one of the largest asset managers. Offering a comprehensive suite of financial solutions, including brokerage services, mutual funds management, investment advice, retirement planning, wealth management, and life insurance, Fidelity caters to a wide range of clients, from individual investors to institutional entities. 

Despite its robust security measures, the company has encountered cybersecurity challenges in the form of occasional breaches, impacting its operations and raising concerns about the security of customer data.