Fidelity Suffers Cyberattack Via Same Vendor as Bank of America

Fidelity Investments Life Insurance Company has notified almost 30,000 individuals of a third-party data breach that has compromised their private sensitive information, according to a story from DarkReading.

Third-party service provider Infosys McCamish (IMS) notified Fidelity about a cybersecurity event in November and discovered that its systems were breached between Oct. 29 and Nov. 2 according to the report.

In February Bank of America had to deal with a breach after IMS was the victim of a ransomware attack that yielded data on more than 57,000 customers. It is unclear if the same attack garnered both Fidelity and Bank of America data.

Fidelity told customers that IMS cannot determine so far what information was accessed in the breach, but it is likely to include individual names, Social Security numbers, states of residence, bank account and routing numbers, and dates of birth. 

Fidelity is reviewing its records and conferring with IMS about the breach. Meanwhile, it is offering affected customers two years of credit monitoring through TransUnion Interactive. Fidelity advises merchants to review their financial statements and credit reports and communicate any suspicious activity. 

DarkReading quotes Jeff Margolies, chief product and strategy officer of Saviynt, a cloud security firm, who says that third-party security breaches are increasing in frequency and impact, and as companies become more reliant on service providers they are proving to be the most accessible vector into their clients’ critical data

“Enterprises need to improve their capabilities to manage and govern their third-party access as part of their identity-security programs,” Margolies said.