A hacker set up two Fidelity accounts and used them to gain access to personal data connected to nearly 77,100 clients, the financial services giant has told authorities and those affected by the August breach.
"Between August 17 and August 19, a third party accessed and obtained certain information without authorization using two customer accounts that they had recently established. We detected this activity on August 19 and immediately took steps to terminate the access," Fidelity said in a letter sent to customers on Wednesday.
"An investigation was promptly launched with assistance from external security experts. The information obtained by the third party related to a small subset of our customers. Please note that this incident did not involve any access to your Fidelity account(s)," it said.
The sample letter, posted Wednesday on the Maine attorney general's office website, redacted details on the specific data exposed.
Fidelity said it wasn't aware of any misuse of customers' personal information but has arranged for those affected to enroll for free in a credit monitoring and identity restoration service for 24 months.