Fidelity's Data Breach Exposes Personal Info of 77K Crypto ETF Customers

[TL; DR]

A security breach on Fidelity database that occurred in August resulted in theft of personal information for over 77,000 customers.

Fidelity has offered free credit monitoring and identity restoration services to customers whose accounts were breached.

Two factor authentication is one way to prevent account hacking.

Introduction

Data breaches are a real security threat as bad actors may use the information for unexpected reasons. With the allure of getting rich through stealing digital currencies, hackers are more daring than before. Sadly, there are hacking syndicates that use advanced techniques to steal personal data. The best thing to prevent such occurrences is to use proven methods such as two factor authentication and strong passwords. In this article we discuss Fidelity’s data breach that affected more than 70,000 individuals.

Background on Fidelity and the Breach

Fidelity Investments, a crypto ETF Issuer, has confirmed that bad actors breached its system and accessed data for more than 77,0000 of its customers. The company divulged the sad development when it reported the case to Maine’s attorney general. However, only a small fraction of its customers were affected since it has more than 515 million clients in its database. The security breach occurred between 17 and 19 august when the attacker accessed its customer accounts. However, the company has assured its clients that external security experts have helped to resolve the issues.

Unfortunately, this is the fourth time that Fidelity had data breaches within 12 months. The other data breaches occurred on 4 March, 18 March and 19 July. In its communication, Fidelity shared with the Maine attorney general the dates of the breaches and the number of people who were affected. After it noticed that its system was compromised the company blocked the users or any other unauthorized persons from accessing the affected accounts. From there, with the assistance of external experts Fidelity instituted a thorough security investigation. It aims to prevent similar situations from occurring in the future. Since the Fidelity data breach was limited to one database the malicious actors failed to access customer funds.

Fidelity also tendered another notice of customer data leak to Massachusetts attorney general since the attackers also stole driver’s licenses details and social security numbers of the affected people. In the meantime, Fidelity has contacted the affected customers using emails, alerting them of the data breach.

Fidelity has not been the only high-profile company that has been breached by attackers. OpenAi, an artificial intelligence firm, and AT&amp, a telecommunications company, were also breached earlier this year. It is important to note that Fidelity is one of the leading asset management firms that is actively involved in cryptocurrencies. Early this year, it launched its spot bitcoin ETF and spot Ethereum ETF. As a matter of fact, since its launch the Fidelity Wise Origin Bitcoin Fund has received around $10 billion in capital inflows. On the other hand, Fidelity Ethereum Fund has attracted over $445 since its inception in July.

How the Breach Happened

According to the reports that Fidelity sent to the relevant authorities a third party that recently opened two accounts breached its system. However, the company did not state exactly how it happened. At the moment, the company manages over $14 trillion in assets which indicates its high responsibility to secure its customers’ information. Based on the record of data breaches Fidelity has had during this year alone it should invest more in its security system.

Free credit monitoring and identity restoration services by Fidelity

At this point, Fidelity said that it has not yet noticed any ways in which the attackers used the stolen data. However, to ensure that the affected customers remain safe the company is offering free credit monitoring and identity restoration services for the next two years. The customers must enroll for these services. With this facility, TransUnion Interactive, responsible for monitoring credit reports, will be able to notify any customer about any unusual activity that may suggest a possible fraud. This is an important aspect of Fidelity's digital asset management process. Through emails the company has sent special codes to the Fidelity ETF customers affected by the breach to open accounts with TransUnion.

How Customers can Protect themselves from Potential Fraud and Identity Theft

The Fidelity ETF customers affected should remain vigilant in case the attackers may target them. For instance, they should carefully check their Fidelity accounts and other financial accounts for any signs of fraud. If they notice any suspicious activity they should report to the company.

It may be wise to place a fraud alert on one’s credit file. In other words, the affected person should inform the creditors to contact him/her before making any changes on his/her account. For example, the affected Fidelity customers in the United States may place the alert with cybersecurity in finance firms such as Equifax, Experian and TransUnion which are also the leading credit reporting agencies in the country . Fidelity has already provided the details on what to do to the affected individuals.

It is important for the affected customers to change their passwords although the personal information theft might not have collected such data. It is important to use a strong password which hackers cannot easily crack. In addition, they should also remain alert to scams and phishing attacks. This is because the attackers may use the stolen personal information to connect with you. It is also important to avoid clicking on links from organizations and individuals that one does not personally know. In addition, one should install anti-malware software and antivirus programs on one’s communication gadgets such as smartphones.

Finally, where possible one should use two authentications on all their accounts. This will help individuals to protect their personal and financial data from attackers. Using two factor authentications is one way of protecting one from hackers as that adds an important layer of security. For example, even if the hackers steal one’s password they can not access his/her accounts if they are protected by two factor authentication.

Fidelity’s Crypto ETF Performance

Fidelity’s crypto exchange traded products such as spot ETFs have been performing well since their launch earlier this year. As an example, the Fidelity Wise Origin Bitcoin Fund (FBTC) has racked in over $10 billion in flows. On the other hand, Fidelity Ethereum Fund (FETH), launched on 23 July, has attracted over $445 million in flows since its launch. The Following table shows the performance of Fidelity’s spot Ethereum ETF (FETH) Fidelity ETH Performance – Farside

As the table shows, so far the Fidelity spot Ethereum ETF has recorded a net inflow of $466.8 million. This shows that Fidelity’s crypto ETFs have been performing well this year.

Conclusion

In August Fidelity experienced a data breach where information of over 77,000 was stolen. After that incident the company assured its customers that it had engaged external security experts to resolve its current challenges. It has also offered the affected individuals free credit monitoring and identity restoration services. In the wake of the recent data breach the customers should also adopt responsible security measures such as changing their passwords and using two factor authentication wherever possible.

FAQs on How Fidelity Data Breach is Affecting Crypto ETF Customers

What happened in the Fidelity data breach?

Some bad actors created two Fidelity accounts before accessing personal data of over 77,000 customers. However, there is no evidence that the attackers have used any of the collected information.

How has Fidelity responded to the breach?

Fidelity is working with external security personnel to fix its challenges in order to prevent future data breaches. It has also offered free credit monitoring and identity restoration services to the affected customers.

How can the affected customers enroll in the free credit monitoring service?

The affected customers are required to open accounts with TransUnion. Through emails, every affected customer has been given a code to use in opening the account as well as full instructions on how to do so.

What should I do if I suspect fraudulent activity on my account?

If you are a Fidelity customer you should report the suspicious activity to the company. You should also change your password and avoid clicking on links from people you do not know.

Has Fidelity experienced similar data breaches in the past?

Yes, Fidelity had 3 other data breaches that occurred earlier this year. They took place on 4 and 18 March as well as on 19 July.

What measures is Fidelity taking to prevent future breaches?

Fidelity is working with specialized security personnel to find out how the breaches occurred. After full investigation it intends to introduce measures to prevent any such future data breaches.

How are the Fidelity Wise Origin Fund (FBTC) and Fidelity Ethereum Fund (FETH) in the market?

Fidelity’s two crypto ETFs have been performing well after their launch earlier this year. For example, FETH is one of the few Ethereum ETFs that have had a positive net capital inflow since its launch on 23 July.