Fidelity Investments: Mass. Fines Fidelity $1.25M Over 'Image ID' Data Breach

Fidelity Unit Fined $1.25M Over Data Breach Affecting 77,000 Customers

A subsidiary of Fidelity Investments has agreed to pay a $1.25 million fine to resolve Massachusetts’ allegations that lax cybersecurity measures led to a data breach exposing the personal information of 77,000 brokerage customers. The consent order, filed on April 27, 2026, with the Office of the Secretary of the Commonwealth, concludes the state’s investigation into the incident, which stemmed from a failure to enforce security protocols for "Image ID" verification systems.

The breach, attributed to inadequate safeguards, highlights regulatory scrutiny over financial institutions’ cybersecurity practices. Massachusetts authorities alleged that the lapse in controls allowed unauthorized access to sensitive customer data, though further details on the breach’s scope or timeline remain undisclosed.

The settlement underscores the growing financial and reputational risks for firms failing to meet compliance standards, particularly in sectors handling high-value personal and financial information. No additional penalties or corrective actions were specified in the agreement.

Source: https://www.law360.com/articles/2470178/mass-fines-fidelity-1-25m-over-image-id-data-breach

Fidelity Investments TPRM report: https://www.rankiteo.com/company/fidelity-investments

"id": "fid1777315250",
"linkid": "fidelity-investments",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '77,000',
                        'industry': 'Brokerage/Investment',
                        'location': 'Massachusetts, USA',
                        'name': 'Fidelity Investments (subsidiary)',
                        'type': 'Financial Institution'}],
 'data_breach': {'number_of_records_exposed': '77,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personal and financial '
                                        'information)',
                 'type_of_data_compromised': 'Personal information'},
 'date_publicly_disclosed': '2026-04-27',
 'description': 'A subsidiary of Fidelity Investments has agreed to pay a '
                '$1.25 million fine to resolve Massachusetts’ allegations that '
                'lax cybersecurity measures led to a data breach exposing the '
                'personal information of 77,000 brokerage customers. The '
                'breach stemmed from a failure to enforce security protocols '
                "for 'Image ID' verification systems.",
 'impact': {'brand_reputation_impact': 'Growing reputational risks for firms '
                                       'failing to meet compliance standards',
            'data_compromised': 'Personal information of 77,000 customers',
            'financial_loss': '$1,250,000 (fine)',
            'systems_affected': 'Image ID verification systems'},
 'investigation_status': 'Concluded',
 'lessons_learned': 'Growing financial and reputational risks for firms '
                    'failing to meet compliance standards in sectors handling '
                    'high-value personal and financial information.',
 'post_incident_analysis': {'root_causes': 'Lax cybersecurity measures and '
                                           'failure to enforce security '
                                           "protocols for 'Image ID' "
                                           'verification systems'},
 'references': [{'source': 'Office of the Secretary of the Commonwealth, '
                           'Massachusetts'}],
 'regulatory_compliance': {'fines_imposed': '$1,250,000',
                           'regulations_violated': 'Massachusetts '
                                                   'cybersecurity regulations',
                           'regulatory_notifications': 'Consent order filed '
                                                       'with the Office of the '
                                                       'Secretary of the '
                                                       'Commonwealth'},
 'title': 'Fidelity Unit Fined $1.25M Over Data Breach Affecting 77,000 '
          'Customers',
 'type': 'Data Breach',
 'vulnerability_exploited': "Inadequate safeguards for 'Image ID' verification "
                            'systems'}