Data Breach at Fidelity!
 

You may want to check to see if your data was accessed.

"Fidelity Investments, one of the world's largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver's licenses."

From: Fidelity says data breach exposed personal data of 77,000 customers

Wow we have an account with them and this is the first we have heard of it. Getting to be a weekly occurence.

So whomever was getting the run around about security about two weeks ago or so got his issue right after that hack, and of course no reason until legal said so.

My mom just got a new Medicare card due to a massive hack

How exactly does one do that? The linked article gave no info.

“We detected this activity on August 19 and immediately took steps to terminate the access,” Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers’ Fidelity accounts.

Did you get the letter which Blueash's link provided?

Just think, when these places want you to change you password every 6 months or so, it really doesn't matter when hackers can get your information directly from them.. so what's the point ?

The companies go after low hanging fruit. It is easy & inexpensive to tell customers to change their own passwords, then the company gets to publicize its great security. While actually hardening their systems against intrusions is difficult, & costly, & ever changing.

The point is........................if the hackers pull the data (password) today and you happen to change your password randomly and it happens that you change it tomorrow or next week, the hacker does not have your data.

My AT&T account was hacked a few months ago and passwords were obtained by the bad guys. AT&T sent me a couple letters letting me know and recommending I change my passwords. I imagine Fidelity has sent or will send letters to the affected parties.

Ah, no. Then I guess I wasn't affected. I missed the part about the letter.

At this point, assume your info is out there and protect accordingly.

As luck would have it, we took most of our money out of Fidelity in July to go in a different direction. Maybe the best investment choice we made yet…😄

It was minor breach and quickly controlled. Data obtained was SS# and drivers license info, not password anything that would allow account access. SS# and drivers license info is pretty easy to obtain.

Obligations of Companies that have your personally identifiable information
 

In this day and age, companies that possess your personally identifiable information (“PII”) are required to notify you when there is a hack/data breach.

Many of us may not be aware:

1. The reporting and individual notice requirements of a data breach vary by state. Now all 50 states have regulations governing who, what and when notifications must be sent. However, the regulations are not all the same.
2. The residence state of the individual/entity governs the notice requirements not the location of the company that has the PII.
3. The nature of the PII and the number of accounts hacked as detailed in the resident state regulations will determine if the individual must be notified.
4. Depending on 1-3 above the firm that held the PII may be required to offer credit monitoring to those impacted for some period of time.

Life is complicated, and modern life is even more complicated so it’s best to take all the precautions that you can to safeguard PII. Some precautions we can take include:

1. Using multi-factor authentication (“MFA”) where you must verify access using two systems.
2. Changing passwords on a regular basis.
3. Being deliberate when responding to TXT, email and other communication to prevent disclosing PII to nefarious actors that will use it to hack your system.

This is big business and there are tools out there to help, avoid, prevent, educate and transfer the risks. The first step is knowledge and being aware of the issue.