October 2024, Issue 13

Fidelity Breach Exposes Thousands of Customers’ Data

富达 announced last week, via a filing with the State of Maine Attorney General, that it experienced a significant data breach, exposing sensitive personal information of over 77,000 customers. An internal investigation confirmed that the breach took place between August 17th and August 19th when an attacker gained access using two customer accounts that they had recently established. The exposed information includes customers’ Social Security numbers and driver’s licenses.

富达 stated that after detecting the fraudulent activity on August 19th, steps were taken to terminate the unauthorized access immediately. Moreover, the firm emphasized that no customer accounts were accessed during the data breach. At this time, Fidelity has not released any specific information about whether any of the stolen data has been misused, and it remains unclear how exactly the attacker gained access to Fidelity’s customer information database.

Cybersecurity Awareness Month: Is Your Firm Properly Protected From Cyber-Attacks?

The 富达 data breach is representative of an industry-wide uptick in cyber attacks. As technological advances are made, cyber breaches in the RIA space are becoming more frequent and sophisticated. Attackers increasingly utilize techniques such as phishing, social engineering, and credential stuffing to exploit financial institutions and their clients' vulnerabilities. As a result, we have put together several quick tips to help firms maintain a robust cybersecurity environment:

• Implement Multi-Factor Authentication (MFA) wherever available.
• Conduct Regular Vulnerability Scanning and/or Penetration Testing.
• Perform ongoing Cybersecurity Awareness Training,
• Develop and test your Incident Response Plan (IRP).
• Implement Passwords that are at least 12 characters in length and contain at least one uppercase letter, one symbol, and one special character.
• Maintain an up-to-date Cybersecurity Policy.

The best way for RIAs to address these recommended actions is to partner with AdvisorDefense LLC, an RIA-focused cybersecurity consulting firm and affiliate of AdvisorAssist . AdvisorDefense provides a range of cybersecurity services, including vendor due diligence, cybersecurity risk assessments, policies and procedures review, regulatory exam support, and breach response guidance. Contact Philip Coniglio , CEO of AdvisorDefense , or your AdvisorAssist consultant today for more information!

Want AdvisorConnect in a downloadable format? Download the PDF here.