Fiduciary Outsourcing Data Breach Affects Client Names

What Happened?

Fiduciary Outsourcing, LLC recently encountered a significant security incident involving a third-party vendor's software vulnerability. On May 31, 2023, the vendor, MOVEit, identified a zero-day vulnerability in its MOVEit Transfer solution, which is actively used by Fiduciary Outsourcing to securely transfer client data files. This vulnerability was exploited by unauthorized actors, potentially allowing them access to data stored on the platform. Fortunately, MOVEit responded swiftly with patches to fix the vulnerability by June 2, 2023, ensuring no further exploitation could occur. It's important to note that there was no breach of Fiduciary Outsourcing’s broader network security.

What Information Was Involved?

The compromised data included personal information, specifically the names of individuals. This breach was part of an incident where unauthorized parties potentially removed certain files from Fiduciary Outsourcing's network. The discovery of this data access was made on March 1, 2024, prompting immediate action from Fiduciary Outsourcing to assess and mitigate the impact.

What You Can Do

Fiduciary Outsourcing has taken steps to assist those potentially affected by this breach. They are offering Single Bureau Credit Monitoring services at no charge, which include alerts for any changes in your credit file. These alerts are communicated on the same day they occur. To enroll in these services, you need to visit the designated enrollment website and enter a unique code provided in the notification letter sent by Fiduciary Outsourcing. Remember, enrollment is available for 90 days following the receipt of the notification letter.

Additionally, it's advisable to remain vigilant by regularly reviewing your financial statements and credit reports for any unauthorized activity. You can also consider placing a Fraud Alert and a Security Freeze on your credit files. A Fraud Alert informs creditors to verify your identity before opening new accounts in your name, whereas a Security Freeze restricts access to your credit report, making it more difficult for identity thieves to open accounts in your name.

For more detailed steps on how to protect your personal information, you can refer to the full notice provided by Fiduciary Outsourcing on the Massachusetts Attorney General’s website.

For More Information

If you have any further questions or need assistance related to this incident, Fiduciary Outsourcing has established a dedicated toll-free response line. This service is staffed with professionals who are familiar with the incident and can provide guidance on how to protect against misuse of your information. The response line is available for 90 days from the date of the notification letter.