You may want to check to see if your data was accessed.

"Fidelity Investments, one of the world's largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver's licenses."

From: Fidelity says data breach exposed personal data of 77,000 customers (https://finance.yahoo.com/news/fidelity-says-data-breach-exposed-114841294.html)

You may want to check to see if your data was accessed.

"Fidelity Investments, one of the world's largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver's licenses."

From: Fidelity says data breach exposed personal data of 77,000 customers (https://finance.yahoo.com/news/fidelity-says-data-breach-exposed-114841294.html)

Wow we have an account with them and this is the first we have heard of it. Getting to be a weekly occurence.

So whomever was getting the run around about security about two weeks ago or so got his issue right after that hack, and of course no reason until legal said so.

My mom just got a new Medicare card due to a massive hack

You may want to check to see if your data was accessed.



How exactly does one do that? The linked article gave no info.

You may want to check to see if your data was accessed.

"Fidelity Investments, one of the world's largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver's licenses."

From: Fidelity says data breach exposed personal data of 77,000 customers (https://finance.yahoo.com/news/fidelity-says-data-breach-exposed-114841294.html)
“We detected this activity on August 19 and immediately took steps to terminate the access,” Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers’ Fidelity accounts.

How exactly does one do that? The linked article gave no info.

Did you get the letter which Blueash's link provided?

Just think, when these places want you to change you password every 6 months or so, it really doesn't matter when hackers can get your information directly from them.. so what's the point ?

Just think, when these places want you to change you password every 6 months or so, it really doesn't matter when hackers can get your information directly from them.. so what's the point ?

The companies go after low hanging fruit. It is easy & inexpensive to tell customers to change their own passwords, then the company gets to publicize its great security. While actually hardening their systems against intrusions is difficult, & costly, & ever changing.

Just think, when these places want you to change you password every 6 months or so, it really doesn't matter when hackers can get your information directly from them.. so what's the point ?

The point is........................if the hackers pull the data (password) today and you happen to change your password randomly and it happens that you change it tomorrow or next week, the hacker does not have your data.

My AT&T account was hacked a few months ago and passwords were obtained by the bad guys. AT&T sent me a couple letters letting me know and recommending I change my passwords. I imagine Fidelity has sent or will send letters to the affected parties.

Did you get the letter which Blueash's link provided?

Ah, no. Then I guess I wasn't affected. I missed the part about the letter.

At this point, assume your info is out there and protect accordingly.

As luck would have it, we took most of our money out of Fidelity in July to go in a different direction. Maybe the best investment choice we made yet…😄

As luck would have it, we took most of our money out of Fidelity in July to go in a different direction. Maybe the best investment choice we made yet…😄

It was minor breach and quickly controlled. Data obtained was SS# and drivers license info, not password anything that would allow account access. SS# and drivers license info is pretty easy to obtain.

In this day and age, companies that possess your personally identifiable information (“PII”) are required to notify you when there is a hack/data breach.

Many of us may not be aware:

1. The reporting and individual notice requirements of a data breach vary by state. Now all 50 states have regulations governing who, what and when notifications must be sent. However, the regulations are not all the same.
2. The residence state of the individual/entity governs the notice requirements not the location of the company that has the PII.
3. The nature of the PII and the number of accounts hacked as detailed in the resident state regulations will determine if the individual must be notified.
4. Depending on 1-3 above the firm that held the PII may be required to offer credit monitoring to those impacted for some period of time.

Life is complicated, and modern life is even more complicated so it’s best to take all the precautions that you can to safeguard PII. Some precautions we can take include:

1. Using multi-factor authentication (“MFA”) where you must verify access using two systems.
2. Changing passwords on a regular basis.
3. Being deliberate when responding to TXT, email and other communication to prevent disclosing PII to nefarious actors that will use it to hack your system.

This is big business and there are tools out there to help, avoid, prevent, educate and transfer the risks. The first step is knowledge and being aware of the issue.

Just think, when these places want you to change you password every 6 months or so, it really doesn't matter when hackers can get your information directly from them.. so what's the point ?

Its taken a long time for companies to start to question their password policies, but frequent password changes are no longer the standard used across industries.

If you are interested... Time to rethink mandatory password changes | Federal Trade Commission (https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2016/03/time-rethink-mandatory-password-changes)

I receive notification of data breaches at least monthly. It's so frequent that I half wonder whether there is an element of marketing since the notifications always include offers of "free" credit and security monitoring from some company for 1 year after which I am sure there would be an offer to continue the monitoring at a "nominal" annual fee. Just what I need, another subscription. I have over 8 encrypted pages of passwords, with many repeats. It seems almost physically impossible to routinely update them and make them all unique. I think the best approach currently is to opt in for 2 factor authentication wherever it's offered. It slows the login process down but appears to be very difficult to hack and allows for password simplification. I don't care very much if someone gets my password for a magazine subscription. It's the financial stuff that matters. When data breaches occur, there is the chance of vital identification info being released and leading to ID theft. So, it's important to routinely check your credit reports and freeze credit access.

CoachK's boss told her that someone got access to his Fidelity account over the weekend. They spoofed his number, and answers all the questions correctly, or somehow got through. Not sure how much 2FA, etc he had but they are all trying.

My Mom's checking account got locked over the weekend as well. All related to a medical hack back in April of the same hospital's patient records at a transfer site for billing.

Maybe the only safe way is go back to the old days where you talk to a person before anything can be done.

Don't know if this is an option with other financial services but Edelman Financial won't do anything unless you speak to your advisor on the phone.

Maybe the only safe way is go back to the old days where you talk to a person before anything can be done.

Don't know if this is an option with other financial services but Edelman Financial won't do anything unless you speak to your advisor on the phone.

without some sort of voice validation, or non public validation process, its all hackable. Phones can have sim cards switched with software sims, etc. .