WASHINGTON -- Fidelity Investments is telling investors and advisors that clients' data appears not to have been captured by the hackers who infiltrated the systems of JPMorgan Chase earlier this year and may have gained access to other major firms, including Fidelity. "Through our continued cooperation with law enforcement officials, we can reiterate and have confirmed with the FBI that there is no indication Fidelity customer accounts, information, services or systems were affected by the recent attack that impacted JPMorgan Chase," Fidelity spokesman Adam Banker said in an email.
Banker touts Fidelity's "multiple layers of security" to safeguard clients' data, and says that the firm has been in contact with its advisors about the breach, which was reported last week in the Wall Street Journal.
"We are in regular communication with advisors on a range of topics, including this one," Banker says.
Even if the hackers didn't manage to access sensitive account information, however, the security breach comes as the latest reminder that digital systems in sectors like financial services are under more or less constant attack by an ever-evolving spate of bad actors.
'THE WORLD WE LIVE IN'
Understandably, that sobering reality has put some adviors on edge. According to advisors, clients aren't yet worried, but such threats are unlikely to go away.
Advisor Ryan Wibberly, co-chairman and CEO of CIC Wealth Management in Gaithersburg, Md., says he's concerned, but has not received any questions from clients and is not doing anything differently. Still, he's alarmed by the ongoing possibility of cyberthreats.
"I am very concerned about the world of electronics and finance, but there is nothing I can do about it," says Wibberly, whose firm's broker-dealer, Commonwealth, clears through Fidelity's National Financial. "I rely on my broker/dealer and custody firm to put into place the highest level of security, and I believe that they do this. Unfortunately, this is the world we live in and there will always be unscrupulous people that do criminal activity."
Mike Lomas, president and founder of Independent Solutions, a Williamsville, N.Y.-based RIA that clears through Fidelity, concurs. "Whether it's Fidelity, Home Depot or Target, there's always somebody out there trying to do something bad, and you just have to do what you can."
To that end, Lomas' firm is committed to taking the necessary steps to protect client data, including an outside audit to make sure their cybersecurity practices are sufficient. Lomas says the firm encrypts communications with customer info, using programs approved by the SEC and FINRA that make those communications delete themselves after two days. Passwords are also changed frequently. When trading, Lomas says, the firm has one tool that generates a new password every 30 seconds.
And though Lomas hasn't had any questions from clients either, "Anytime you see someone get hacked, it opens up your eyes a bit," he says.
'APPALLED AT THE SOPHISTICATION'
Still other advisors are concerned at just how good the hackers are getting.
"My reaction on this is not unique -- I am appalled at the sophistication of the hackers," says another advisor. "We know that firms like JPM and Fidelity employ countless people with significant experience and intelligence. Their primary function is to safeguard their systems to protect the confidential data of those who have entrusted this information to their firms. Yet, the hackers manage to penetrate the various firewalls and cause havoc."
That large firms with huge vaults of customer account information make for appealing targets for hackers is hardly surprising. But compliance experts warn that small firms are far from immune just by virtue of their size. After all, a small advisor practice could be viewed as a backdoor into the systems of its custodian, notes Duane Thompson, senior policy analyst at fi360, a fiduciary training firm.
"You could be holding the keys to the clients' funds even if you don't possess custody directly of those funds," Thompson says.
Fidelity and other major custodians have been advancing cybersecurity efforts within their operations, working to harden their defenses and keep the hackers at bay. Banker says those programs include working with its advisors to help promote cybersecurity awareness and keep the RIA community apprised of new threats.
"We share our cybersecurity experience and expertise through white papers and educational seminars featuring best practices and information on current and emerging trends in an effort to help advisors and other intermediaries protect their clients," Banker says.
In the meantime, the latest attacks have caught the attention of state law-enforcement authorities, who say they are looking into the extent of the breach at JPMorgan and other companies.
"We are aware of the reports linking other institutions to the same hackers purportedly responsible for the breach of JPMorgan's systems. Our investigation into that incident is ongoing," says Jaclyn Falkowski, spokeswoman for Connecticut Attorney General George Jepsen, who describes JPMorgan's response to the probe as "cooperative and forthcoming."
"We plan to follow up with any similarly situated entities if public reports are confirmed," she adds.
Kenneth Corbin is a Financial Planning contributing writer in Washington.