Fidelity Investments Notifies 28K Customers of Data Breach

Fidelity Investments Life Insurance Company (FILI) has announced a significant data breach affecting approximately 28,000 customers, following a cyberattack on third-party service provider Infosys McCamish Systems (IMS). The breach, which occurred between October 29 and November 2, 2023, involved unauthorized access to sensitive customer information.

According to SecurityWeek, the breached data included names, dates of birth, Social Security numbers, states of residence, bank account and routing numbers, and credit card numbers. FILI has begun notifying affected individuals and are offering two years of free credit monitoring services in response to the breach.

The incident was first disclosed in a filing with the Maine Attorney General's Office, where Fidelity Investments detailed the scope of the compromised data. The filing also revealed that the breach resulted from a cyberattack on IMS, which also impacted Bank of America, affecting roughly 57,000 customers. The investigation into the breach is ongoing, with Fidelity stating they are "unable to determine with certainty what personal information was accessed."

LockBit, a notorious ransomware gang, claimed responsibility for the attack last year. The gang continues to pose a threat to this day, despite global efforts. The involvement of LockBit raises serious concerns about the potential for the stolen data to be auctioned off on the dark web, where it would then likely be used for phishing attacks, identity theft, and financial fraud.

The worrying trend of third-party service providers being targeted by cybercriminals exposes the interconnected risks in the financial sector's supply chain, where a breach in one part can have cascading effects on others.

Financial institutions in Europe and community banks such as Flagstar Bank were also targeted by cybercriminals just last year. This latest breach further questions the adequacy of current cybersecurity practices in protecting customer information.