A security breach in the family financial services firm Fidelity Investments took the security of the families most valuable asset — the $20,000 life insurance policy that protects them and their children — from the hands of a cybercriminal, the FBI said Thursday.
The cybercriminal broke into Fidelity’s secure data center and stole data related to the life insurance program, which protects nearly 200,000 families nationwide, the Federal Bureau of Investigation said.
Investigators said the attacker had access to Fidelity data, but Fidelity did not know until Wednesday that it had been hacked, FBI Special Agent in Charge Robert K. McCabe said in a statement.
The Fidelity breach was the result of a criminal investigation by the FBI’s cybersecurity unit.
The data breach affected an estimated 80 million Fidelity policies.
The investigation involved the use of a spear-phishing attack to steal the data and steal personal information.
The spear-fishing email and phone calls targeted Fidelity employees, and the victims were notified of the hack, the statement said.
The FBI said the security breaches were the result, in part, of a lack of communication and coordination between the Fidelity and U.S. authorities.
The agency did not provide further details about the breach.
The agency did say it was working with law enforcement agencies in the U.K. and France to help determine how the attack was carried out.