U.S. multinational financial services firm Fidelity Investments had information from 77,009 individuals compromised following a data breach in August, SC Media reports.
Attackers were able to exfiltrate certain Fidelity customer information between Aug. 17 and Aug. 19 after using two newly created customer accounts, which were immediately taken down, according to a breach notice issued by the Boston-based firm.
No details regarding the nature of the stolen data were provided, but Fidelity emphasized that the incident did not involve ransomware nor were funds compromised. ColorTokens Field Chief Technology Officer Venky Raju said the breach could have stemmed from broken access control within Fidelity's web apps, while Critical Start Cyber Threat Intelligence Research Analyst Sarah Jones believes that threat actors may have sought to perform information-gathering for future attacks.
"The 'beachhead' theory, where attackers establish a foothold to launch further attacks, is a common tactic in such incidents. Although Fidelity assures customers that their accounts and funds were not directly accessed, the breach raises concerns about the security of personal information, increasing the risk of identity theft, fraud, or other malicious activities," Jones added.
