Fidelity Investments Suffers Major Data Breach Affecting 30,000 Users
On March 28, 2024, Fidelity Investments reported a data breach impacting over 30,000 individuals, linked to a third-party service provider, Infosys McCamish. Sensitive information, including Social Security numbers and bank account details, was compromised. In response, Fidelity is offering affected users 24 months of complimentary credit monitoring to help mitigate potential consequences. This incident highlights the vulnerability organizations face from third-party services, underlining the importance of rigorous vendor assessments and security protocols. Organizations must prioritize third-party risk management to safeguard sensitive data and maintain customer trust. As the financial sector increasingly relies on third-party providers, the implications of such breaches can reverberate widely, affecting reputations and regulatory compliance.
Also In Security Today
- Critical Vulnerability in CrushFTP: A severe vulnerability, CVE-2025-2825, with a CVSSv3 score of 9.8, was discovered in CrushFTP. This flaw allows unauthorized attackers to send malicious HTTP requests, necessitating immediate patches. Read more.
- Increased Ransomware Activity: March 2024 has seen a spike in ransomware attacks across various sectors, including utilities and healthcare. This trend underscores the need for enhanced cybersecurity measures. Learn more.
- LexisNexis Data Breach: A data breach at LexisNexis resulted in the exfiltration of 2.04 GB of data, affecting over 400,000 user profiles, including those linked to .gov email addresses. This raises concerns about security in legal and governmental sectors. More details here.