On July 10, 2013, Fidelity Investments experienced a data breach reported by the California Office of the Attorney General on July 31, 2013. An unauthorized individual gained access to a report containing sensitive personal information of **Oracle Corporation employees**, including **names and Social Security numbers**. The breach exposed confidential employee data, though the exact number of affected individuals remains undisclosed. The incident highlights a significant security lapse, as the compromised data could facilitate identity theft, financial fraud, or targeted phishing attacks against the affected employees. While the breach did not directly impact Fidelity’s customers, the exposure of third-party (Oracle) employee records underscores vulnerabilities in data handling and access controls. The breach’s discovery and reporting delay (21 days) may have further exacerbated risks, as affected individuals were left uninformed during this period. Such breaches erode trust in financial institutions’ ability to safeguard sensitive information, potentially leading to reputational damage and regulatory scrutiny. The nature of the stolen data—Social Security numbers—makes it particularly high-risk, as this information is immutable and highly valuable to cybercriminals for long-term exploitation.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-42364
TPRM report: https://www.rankiteo.com/company/oracle
"id": "ora720082025",
"linkid": "oracle",
"type": "Breach",
"date": "7/2013",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Investment Management',
'location': 'United States',
'name': 'Fidelity Investments',
'type': 'Financial Services'},
{'customers_affected': 'Unknown (employees affected)',
'industry': 'Technology',
'location': 'United States',
'name': 'Oracle Corporation',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Yes (report accessed)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2013-07-10',
'date_publicly_disclosed': '2013-07-31',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Fidelity Investments on July 31, 2013. The '
'breach occurred on July 10, 2013, when an unauthorized '
'individual accessed a report that included personal '
'information of Oracle Corporation employees, such as names '
'and Social Security numbers. The total number of individuals '
'affected is unknown.',
'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (PII exposed)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'threat_actor': 'Unauthorized Individual',
'title': 'Fidelity Investments Data Breach (2013) Affecting Oracle '
'Corporation Employees',
'type': 'Data Breach'}