Fidelity Sued for Hack Exposing 77,000 Clients’ Finance Data (1)

Fidelity Investments’ failure to adequately secure its computer systems led to an August data breach exposing the sensitive personal and financial data of more than 75,000 clients, a proposed class action said.

The company, also known as Fidelity Management & Research, didn’t follow standard cybersecurity practices, such as encrypting client information and providing sufficient employee training, according to a complaint filed Tuesday in the US District Court for the District of Massachusetts.

Massachusetts-based Fidelity is “one of the world’s largest asset managers,” the complaint said, “with over $5.4 trillion in assets under management as of June 2024.”

Cybercriminals accessed the asset manager’s computer network between Aug. 17 and 19, gaining access to names, Social Security numbers, financial account information, and driver’s license information, according to the complaint.

The hack affected 77,099 people, according to an Oct. 9 data breach notification to the Maine attorney general.

Plaintiff Peggie Little, a Tennessee resident, also accused Fidelity of not providing timely notice of the breach to customers. The complaint said the firm didn’t disclose it “for several weeks” after it occurred.

The proposed class action alleged negligence, breach of implied contract, and unjust enrichment. It seeks reimbursement of litigation costs and monetary relief.

The suit’s demands also include asking the court to require Fidelity to segment customer data, stop transmitting personal data via unencrypted emails, hire third-party auditors, and employ internal security personnel to conduct testing.

Representatives for Fidelity didn’t immediately respond to a request for comment.

Siri & Glimstad LLP and Murphy Law Firm represent the plaintiff.

The case is Little v. FIDELITY INVESTMENTS a/k/a FMR LLC, D. Mass., No. 1:24-cv-12625, complaint filed 10/15/24.