Otherfidelity data breach settlement
Summary (tl;dr)
Fidelity will pay $1.25 million to Massachusetts regulators and $2.5 million to settle a class-action lawsuit following a 2024 data breach that exposed sensitive personal and financial information of approximately 77,000 customers.
Essential Background
Between August 17 and August 19, 2024, an unauthorized third party accessed Fidelity's computer network, obtaining images of documents containing sensitive information such as Social Security numbers, driver's licenses, financial account details, and medical information. This breach, which affected about 77,000 individuals, was reportedly due to vulnerabilities in Fidelity's internal cybersecurity controls. Fidelity detected the incident on August 19, 2024, and began notifying affected individuals around October 9, 2024.
The Full Story
Fidelity has recently agreed to two significant settlements stemming from the August 2024 data breach. The company will pay $1.25 million to the Massachusetts Secretary of the Commonwealth, William Galvin, to resolve allegations that it failed to adequately protect client data and notify all affected individuals, including non-customers and minors. Separately, a U.S. district judge in Massachusetts preliminarily approved a $2.5 million class-action lawsuit settlement for individuals whose financial account and routing numbers were compromised during the incident. Under the terms of this class-action settlement, eligible individuals can claim up to $5,000 for documented monetary losses related to the breach, along with a potential cash payment, with a deadline to file claims by July 27, 2026.
Why It Matters
These settlements underscore the increasing regulatory and legal scrutiny faced by financial institutions regarding their cybersecurity practices and the protection of customer data. For consumers, the trend highlights the critical importance of strong data security measures by companies handling sensitive information and reinforces their rights to compensation and protection following a breach. It also serves as a reminder for individuals to remain vigilant against potential identity theft and fraud by monitoring financial accounts and credit reports.
Geographic Location
- Boston, Suffolk County, Massachusetts, United States (Fidelity headquarters, location of regulatory settlement with the Massachusetts Secretary of the Commonwealth)
- District of Massachusetts, United States (U.S. District Court where the class-action settlement was preliminarily approved)