Cyber Incident Victim: Fidelity Building Services Group
Date:
Jan 2023
Location:
United States of America
Summary
Fidelity Building Services Group experienced a data breach where an unauthorized party accessed sensitive consumer information, including names, Social Security numbers, driver's license numbers, and other government-issued identification numbers. The company, which provides technical building services through multiple subsidiaries, reviewed affected files and began notifying impacted individuals via data breach letters. Over 300 victims were confirmed in Texas alone, though the total scope remains unconfirmed. The incident exposed victims to potential identity theft risks due to the compromise of highly sensitive personal identifiers entrusted to the organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 6, 2023, Fidelity Building Services Group filed a notice with the Texas Attorney General disclosing a data breach involving unauthorized access to consumer information. The incident occurred when an external party gained access to confidential data entrusted to the company, though the specific date of the intrusion and method of access were not detailed in the filing. Following the discovery, Fidelity initiated a review of affected files to identify compromised information and impacted individuals. The investigation confirmed that exposed data included consumers' first and last names, Social Security numbers, driver's license numbers, and other government-issued identification numbers. On the same day as the Texas filing, Fidelity began distributing data breach notification letters to affected individuals, though the company did not publicly post breach details on its website. The Texas Attorney General's office reported at least 300 impacted residents within the state, though the total number of victims across other jurisdictions remained unconfirmed at the time of reporting. Fidelity Building Services Group, a Maryland-based provider of technical building services founded in 1945, operates numerous subsidiary companies across the commercial and industrial facilities sector.
The breach exposed highly sensitive personal identifiers that significantly increase victims' risk of identity theft and financial fraud, as cybercriminals could potentially misuse the compromised Social Security and government ID numbers. While Fidelity confirmed the unauthorized access and data exposure through its regulatory filing, the company did not disclose technical details regarding the attack vector, duration of system access, or specific security measures that were circumvented. Legal analysts noted that affected individuals retain rights to pursue legal action against companies that negligently safeguard personal data, though no determinations regarding Fidelity's compliance with data protection obligations had been established at the time of reporting. The incident impacted customers whose information was stored within Fidelity's systems, though the company did not specify whether the breach affected specific subsidiaries within its portfolio of 20+ operating companies. With over 661 employees and $268 million in annual revenue, Fidelity's breach represents a significant cybersecurity event in the building services sector, particularly given the sensitivity of the exposed government-issued identification documents.