Fidelity Investments A.I CyberSecurity Scoring
Fidelity Investments
Company Information
Website:http://www.fidelity.com
Employees number:84,396
Number of followers:1,273,904
NAICS:52
Industry Type:Financial Services
Homepage:fidelity.com
Fidelity Investments Risk Score (AI oriented)
Between 550 and 599
Fidelity InvestmentsFinancial Services
Updated:
19/05/2026
19/05/2026
585/1000
Very Poor
Ca
Fidelity Investments Global Score (TPRM)
xxxx
Fidelity InvestmentsFinancial Services
Score locked

Fidelity InvestmentsVery Poor
Current Score
585Ca (VERY POOR)
01000
8 incidents
-45 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
591
JUNE 2026
590
MAY 2026
583
APRIL 2026
658
Breach
26 Apr 2026 • Fidelity Investments
Fidelity Investments: Mass. Fines Fidelity $1.25M Over 'Image ID' Data Breach
Fidelity Unit Fined $1.25M Over Data Breach Affecting 77,000 Customers
582
CRITICAL-76
FID1777315250
Fidelity Unit Fined $1.25M Over Data Breach Affecting 77,000 Customers
A subsidiary of Fidelity Investments has agreed to pay a $1.25 million fine to resolve Massachusetts’ allegations that lax cybersecurity measures led to a data breach exposing the personal information of 77,000 brokerage customers. The consent order, filed on April 27, 2026, with the Office of the Secretary of the Commonwealth, concludes the state’s investigation into the incident, which stemmed from a failure to enforce security protocols for "Image ID" verification systems.
The breach, attributed to inadequate safeguards, highlights regulatory scrutiny over financial institutions’ cybersecurity practices. Massachusetts authorities alleged that the lapse in controls allowed unauthorized access to sensitive customer data, though further details on the breach’s scope or timeline remain undisclosed.
The settlement underscores the growing financial and reputational risks for firms failing to meet compliance standards, particularly in sectors handling high-value personal and financial information. No additional penalties or corrective actions were specified in the agreement.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
653
FEBRUARY 2026
650
JANUARY 2026
649
DECEMBER 2025
656
Cyber Attack
01 Dec 2025 • Fidelity Investments
Navy Federal Credit Union, USAA, Citibank, Fidelity Investments and Wells Fargo: Operation DoppelBrand: Weaponizing Fortune 500 Brands
Operation DoppelBrand: Sophisticated Phishing Campaign Targets Fortune 500 Firms
642
CRITICAL-14
CITWELNAVUSAFID1771266975
Operation DoppelBrand: Sophisticated Phishing Campaign Targets Fortune 500 Firms
An elusive cyberthreat group known as GS7 has been running Operation DoppelBrand, a large-scale phishing campaign targeting Fortune 500 companies, financial institutions, and high-value entities worldwide. First observed between December 2025 and January 2026, the operation leverages near-perfect replicas of corporate login portals to steal credentials and deploy remote management and monitoring (RMM) tools for further exploitation.
### Key Details of the Campaign
- Targets: Primarily U.S.-based financial institutions including Wells Fargo, USAA, Navy Federal Credit Union, Fidelity Investments, and Citibank alongside technology, healthcare, and telecommunications firms in Europe and other regions.
- Tactics: GS7 registers over 150 malicious domains via registrars like NameCheap and OwnRegistrar, routing traffic through Cloudflare to evade detection. Attackers exfiltrate stolen data usernames, passwords, IP addresses, geolocation, device fingerprints, and timestamps to Telegram bots controlled by the group.
- Infrastructure: The group has operated since at least 2022, with claims of activity dating back nearly a decade. Researchers linked GS7 to Brazilian cybercrime forums, where stolen credentials and financial data are traded.
- Impact: Beyond credential theft, GS7 installs RMM tools on victim systems, enabling remote access or malware deployment. The campaign’s sophistication including rotating infrastructure and meticulous branding mimicry has allowed it to evade detection until now.
### Researcher Findings
Security firm SOCRadar uncovered the operation, identifying a Telegram group ("NfResultz by GS") tied to the threat actor. A self-proclaimed GS7 member provided screenshots of past campaigns, including a Fidelity Investments phishing demo that triggered RMM tool downloads upon login. SOCRadar released TTPs (tactics, techniques, and procedures) and IoCs (indicators of compromise) to help defenders track the group’s activities.
With English-speaking markets as the primary focus, GS7’s DoppelBrand campaign remains active, underscoring the growing threat of highly organized, financially motivated phishing operations.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
656
OCTOBER 2025
653
SEPTEMBER 2025
650
AUGUST 2025
647
AUGUST 2024
651
Breach
17 Aug 2024 • Fidelity Investments
Fidelity Investments
Fidelity Investments Data Breach
600
CRITICAL-51
FID013072825
On October 3, 2024, Fidelity Investments reported a data breach involving unauthorized access to documents related to a small subset of its customers between August 17 and August 19, 2024. The breach affected 2,731 Washington residents, with compromised information including birth dates, driver's license numbers, and Social Security numbers. Fidelity began notifying affected individuals on October 9, 2024, and is offering two years of free credit monitoring services.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2024
781
Breach
01 Jan 2024 • Fidelity Investments
Fidelity Brokerage Services: Fidelity to pay $1.25 million over 2024 data breach affecting 77,000 customers
Fidelity Brokerage Services 2024 Data Breach
625
CRITICAL-156
FID1777381741
Fidelity Brokerage Services to Pay $1.25 Million Over 2024 Data Breach
Fidelity Brokerage Services, a leading U.S. financial services firm, has agreed to a $1.25 million settlement to resolve regulatory allegations tied to a 2024 data breach. The incident exposed sensitive personal information of approximately 77,000 customers and associated individuals, as confirmed by Massachusetts officials on Monday.
The breach, which occurred earlier this year, raised concerns over the security of customer data within the financial sector. While details on the exact cause remain limited, the settlement underscores the regulatory scrutiny and financial consequences facing firms following cybersecurity failures. The exposed data’s nature and potential misuse risks have not been fully disclosed, but the incident highlights ongoing vulnerabilities in financial institutions’ data protection measures.
The resolution follows a broader trend of increased enforcement actions against companies failing to safeguard customer information, reinforcing the need for robust cybersecurity protocols in the financial industry.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Breach
01 Jan 2024 • Fidelity Investments
Fidelity Investments: Fidelity Investments Agrees to Pay $2.5 Million Over Data Breach
Fidelity Investments 2024 Data Breach Lawsuit Settlement
625
CRITICAL-156
FID1773261741
Fidelity Investments to Pay $2.5 Million to Settle 2024 Data Breach Lawsuit
Fidelity Investments has agreed to a $2.5 million settlement in a proposed class-action lawsuit over a 2024 data breach that exposed the personal information of more than 155,000 individuals. The preliminary approval of the deal was filed on Tuesday in the U.S. District Court for the District of [jurisdiction not specified].
Under the settlement terms, affected class members may receive up to $5,000 in reimbursement for documented financial losses tied to the breach, along with two years of credit monitoring services. Additionally, they will be eligible for a pro rata cash payment of approximately $100.
The breach, which occurred earlier this year, raised concerns over Fidelity’s data protection measures, prompting legal action from impacted individuals. The settlement resolves allegations that the financial services firm failed to adequately safeguard sensitive personal information. Further details on the breach’s scope and the timeline for claims processing are expected as the case progresses.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2023
783
Vulnerability
29 Oct 2023 • Fidelity Investments
Fidelity Investments Life Insurance
Data Breach at Fidelity Investments Life Insurance & Empire Fidelity Investments Life Insurance
779
HIGH-4
FID150072625
The Maine Office of the Attorney General reported a data breach involving Fidelity Investments Life Insurance & Empire Fidelity Investments Life Insurance on March 18, 2024. The breach occurred between October 29, 2023, and November 2, 2023, due to a third-party software vulnerability at vendor Infosys McCamish Systems LLC, affecting 29,073 individuals, including 170 residents. Social Security Numbers were among the compromised information.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2020
801
Breach
01 Jan 2020 • Fidelity Investments
Fidelity Investments, LPL Financial, Mercer and Ameriprise Financial: Fidelity's $2.5M Data Breach Settlement: What Clients Should Know
Fidelity Investments Data Breach and Fine
738
CRITICAL-63
FIDLPLAMEMER1779194480
Fidelity Fined $1.25M Over Data Breach as Financial Sector Faces Rising Cybersecurity Risks
A recent data breach at Fidelity Investments has resulted in a $1.25 million fine, highlighting growing cybersecurity vulnerabilities in the financial services sector. The breach, which exposed sensitive client information, was part of a broader pattern of cyber incidents affecting major firms, including Ameriprise Financial and Mercer, both of which have faced legal and regulatory repercussions.
Key Details:
- Fidelity’s Breach & Fine: The company was penalized for failing to adequately protect customer data, though specifics of the breach such as the number of affected individuals remain undisclosed. The fine follows a separate $2.5 million settlement related to an earlier incident.
- Ameriprise Breach: Nearly 48,000 clients were impacted by a data exposure, though the company has not released full details on the cause or scope.
- Mercer’s Legal Challenges: The consulting firm is facing lawsuits over a data breach, underscoring the legal and financial risks of cybersecurity failures.
- LPL Financial Incident: A phishing attack led to unauthorized transactions, demonstrating how social engineering remains a persistent threat to financial institutions.
Broader Impact:
These incidents reflect escalating cyber threats targeting wealth management, investment advisory, and insurance firms. Regulatory scrutiny is intensifying, with fines and legal actions serving as a warning to the industry. The breaches also raise concerns about the exposure of Social Security numbers, client financial records, and other sensitive data, which could lead to identity theft or fraud.
As financial firms grapple with evolving cyber risks, the fallout from these breaches underscores the need for stronger security measures and compliance protocols.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JULY 2014
814
Breach
01 Jul 2014 • Fidelity Investments
Fidelity Investments
Fidelity Investments Data Breach
768
MEDIUM-46
FID431071725
On July 1, 2014, the Massachusetts Office of Consumer Affairs and Business Regulation reported a data breach involving Fidelity Investments, affecting 8 residents. The breach compromised electronic records, specifically involving account numbers. This incident highlights the vulnerability of financial institutions to data breaches, which can lead to significant financial and reputational damage. The compromised account numbers could potentially be used for fraudulent activities, putting the affected individuals at risk of financial loss and identity theft.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Fidelity Investments ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in June 2026 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in May 2026 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in April 2026 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in March 2026 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in February 2026 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in January 2026 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in December 2025 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in November 2025 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in October 2025 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in September 2025 ??
What was Fidelity Investments's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Fidelity Investments's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Fidelity Investments ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Fidelity Investments's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?