databreaches.net 4/27/2026, 11:50:46 PM · via preferred

Massachusetts Regulator Fines Fidelity $1.25M Over 2024 Data Breach

William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services to pay $1.25 million for failing to enforce cybersecurity controls, a failure that led to a data breach affecting about 77,000 customers. Read more about the settlement details in ThinkAdvisor. The breach occurred between 17 and 19 August 2024, and at least 2,768 Massachusetts customers and individuals were affected.

The consent order describes how the threat actor gained access to two accounts using “true name fraud” and then operated an automated script, logging in again on 18 and 19 August 2024. During that period the actor made approximately 23.7 million image-ID requests, accessing around 373,000 unique images of documents linked to other Fidelity customers’ accounts. The attack triggered an alert on 19 August 2024 that initially resembled a small-scale DDoS attack, but it was not a DDoS incident.
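The alert described above was volumetric, which is why the activity first looked like a DDoS. As an added example (not taken from the consent order or the article), the sketch below scores each logged-in account by how many of its image requests target IDs it does not own, so heavy authorized traffic is ignored and ID-range walking is flagged. The record layout, account names, image IDs and thresholds are all constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed records: (logged-in account, requested image ID, owning account or None)."""
    # Five images that exist, each owned by a different customer (constructed IDs).
    owners = {f"img-{n}": f"cust-{n}" for n in range(1000, 1200, 40)}
    records = [("cust-7", "img-7", "cust-7")] * 5        # ordinary use of own document
    records += [("cust-9", "img-9", "cust-9")] * 300     # heavy but authorized traffic
    # One account walking an ID range; most guesses match no image at all.
    records += [("acct-X", f"img-{n}", owners.get(f"img-{n}")) for n in range(1000, 1200)]
    return records

def flag_enumeration(records, min_requests=20, max_foreign_ratio=0.5):
    """Flag accounts whose image requests mostly target IDs they do not own.

    Thresholds are illustrative assumptions, not values from the consent order.
    """
    stats = defaultdict(lambda: {"total": 0, "foreign": 0, "hits": set()})
    for account, image_id, owner in records:
        s = stats[account]
        s["total"] += 1
        if owner != account:              # missing image or someone else's document
            s["foreign"] += 1
            if owner is not None:         # the request reached another customer's image
                s["hits"].add(image_id)
    flagged = {}
    for account, s in stats.items():
        if s["total"] >= min_requests and s["foreign"] / s["total"] > max_foreign_ratio:
            flagged[account] = {"total": s["total"], "foreign": s["foreign"],
                                "unique_foreign_images": len(s["hits"])}
    return flagged

if __name__ == "__main__":
    for account, detail in flag_enumeration(build_sample()).items():
        print(account, detail)
```

The same per-account ownership check is what an authorization layer would enforce at request time; the detector only reports where that check would have failed.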


Article by CyberSIXT