Connecticut State Treasurer Erick Russell said Fidelity Investments, the third-party administrator for the Connecticut Higher Education Trust, Hartford, suffered a data breach incident affecting 101 CHET 529 plan savers.
Russell stated in an Oct. 11 release that “fortunately, no accounts were accessed, and no funds were withdrawn.” However, Russell added, “a third party accessed and obtained certain personal information of 101 CHET participants.”
CHET is a 529 college savings plan sponsored by the Connecticut Office of the Treasurer and managed by Fidelity. Russell serves as the trustee of CHET.
On Oct. 9, Fidelity began notifying those affected, including CHET participants and other Connecticut residents, outlining the breach and offering resources, including free credit monitoring and identity theft insurance up to $1 million, Russell said.
“In addition, Fidelity set up a dedicated call center that is available to assist affected individuals,” Russell added. “Fidelity also informed me that they promptly terminated the unauthorized access and, based on their engagement of third-party experts, have a high degree of confidence that the conditions that led to the incident have been corrected.”
Russell further stated “while over 99.9% of CHET account holders were unaffected, this incident is a reminder of the increasing prevalence of digital threats in our daily lives.”
As of June 30, 2023, CHET’s assets totaled about $4.3 billion, according to the latest annual report.
A spokesperson for Fidelity stated that between Aug. 17 and Aug. 19, a third party accessed and obtained certain information without authorization using two customer accounts that they had recently established. “We detected this activity on Aug. 19 and immediately took steps to terminate the access,” the spokesperson noted. “An investigation was promptly launched with assistance from external security experts. The information obtained by the third party related to a small subset of our customers and the incident did not involve any access to Fidelity customers’ accounts or funds. We are notifying individuals as appropriate and providing them credit monitoring resources.”