Fidelity Investments, one of the largest asset managers in the world, has reported a data breach impacting the personal information of more than 77,000 customers. The breach occurred between August 17 and 19, 2024, and was linked to two customer accounts that had been created by unknown attackers.

Fidelity detected the breach on August 19 and immediately took action to terminate unauthorized access. The breach involved the exposure of personal information, but not account data, according to a filing with Maine’s Attorney General.

The incident affected 77,099 customers, but Fidelity has not yet specified what information was stolen, other than personal identifiers such as names. Fidelity has enlisted the help of external security experts to investigate the incident.

When asked about how two accounts led to the exposure of thousands of customer records, Fidelity’s spokesperson Michael Aalto declined to provide specific details. However, he emphasized that no unauthorized account access had taken place. Instead, the attackers only viewed customer information.

Although Fidelity has found no evidence that the stolen data has been misused, the company is offering two years of free TransUnion credit monitoring and identity restoration services to those affected. The company also advised its customers to remain alert by regularly reviewing financial statements, tracking credit records, and reporting any dubious activity to their financial institution, local law enforcement, or relevant state authority.

Similarly, in March 2024, Fidelity Investments Life Insurance Company (FILI), a subsidiary of Fidelity Investments, disclosed a data breach that impacted around 28,000 customers.

Fidelity, with $14.1 trillion in assets under administration and $5.5 trillion under management, employs over 75,000 associates across 11 countries, including the UK, India, and Germany.