Fidelity National Financial (FNF) has acknowledged that 1.3 million customers’ data was compromised in a cyberattack that occurred in November and was attributed to the BlackCat ransomware gang.
FNF is an American company that offers transaction services and title insurance to the mortgage and real estate sectors.
With over $23,000 in employees, a market valuation of $13.3 billion, and over $10 billion in annual revenue, it is among the biggest companies of its kind in the US.
The company issued a warning in mid-December, stating that threat actors had gained access to the network by using credentials they had stolen.
In an announcement at the time, FNF stated that business services were disrupted due to containment measures forcing it to take certain IT systems offline.
In an updated SEC Form 8-K filing filed yesterday, Fidelity National Financial verified that the cyberattack happened on November 19, 2023 and that it was successfully stopped seven days later.
The report claims that the attackers used non-propagating malware that allowed them to steal information from the compromised systems.
On December 13, 2023, the investigation that was conducted to determine the incident’s impact came to a conclusion, revealing that the hackers had taken the personal information of 1.3 million customers.
“We determined that an unauthorized third-party accessed certain FNF systems deployed a type of malware that is not self-propagating, and exfiltrated certain data,” according to FNF’s SEC filing.
“The Company has notified its affected customers and applicable state attorneys general and regulators, and approximately 1.3 million potentially impacted consumers; is providing credit monitoring, web monitoring, and identity theft restoration services; and is fielding questions from consumers.”
According to the filing, no customer-owned systems connected to the FNF systems were affected by the attack, which was limited to those systems.
FNF ends by stating that it does not think the event will materially affect its operations or financial standing and that it will “vigorously defend itself” against class action lawsuits that aim to hold it accountable for the data breach.
The BlackCat (ALPHV) ransomware gang had previously listed the company on their data leak site, claiming responsibility for the attack, though Fidelity National Financial did not mention it.
The threat actors claimed they were waiting for FNF to get in touch with them before disclosing whether or not data was taken during the attack.
Several attacks, such as those on First American, loanDepot, and Mr. Cooper, have recently targeted the mortgage and housing industry since late November. One such attack is the breach at Fidelity National Financial.
Of those, only loanDepot made it clear that they were the victim of a ransomware attack; the other companies have not disclosed any information regarding the incident’s specifics.
Cybercriminals stole the data of 1.3 million customers
According to Fidelity National Financial, hackers gained access to 1.3 million customers’ personal information in November after breaching the company’s IT system.
The $74 billion mortgage behemoth, which ranks among the US’s biggest suppliers of settlement services and title insurance, revealed the “cybersecurity incident” in an 8-K filing to the SEC that same month.
The company claimed at the time that the cyberattack forced it to stop some of its IT systems and interfered with some of its services linked to mortgages and titles.
Shortly after, the ransomware group ALPHV/BlackCat took credit for the attack, but they didn’t divulge much information about the data they were purportedly in possession of. This was prior to the gang’s dark website being taken over by law enforcement in December.
Furthermore, FNF has not yet clarified that the event was caused by a ransomware infection. The Register contacted FNF regarding the specifics of the cybersecurity incident, but they did not reply.
FNF included more information about the intrusion in an amended 8-K report submitted on Tuesday. The company claimed that the information was based on the results of its forensic investigation, which was finished on December 13.
No customer has reported that this has happened, and the company has no proof that any customer-owned system was directly impacted by the incident. November 20, 2023, is the last verified date of unauthorised third-party activity in the company’s network.”
Additionally, FNF stated that it has notified roughly 1.3 million customers whose data was compromised and will offer identity protection and credit monitoring to those who were impacted.
The company stated that it “has been named as a defendant in several lawsuits related to this incident.” Furthermore, it remains unwavering in its assertion that “we do not currently believe that the incident will have a material impact on the company.”
By doing so, it might assume it can withstand any financial damage caused by the cyberattack. Last month, Mr. Cooper, another mortgage lender, stated that it anticipates having to spend at least $25 million rectifying the data breach that nearly 14.7 million people had earlier in the year. With an annual profit of over $1 billion in 2022 and over $500 million in its current fiscal year, FNF is likely able to withstand the setback.
Apart from these two financial services companies, LoanDepot reported on Monday that it was dealing with a “cyber incident” that resulted in the downtime of certain systems. The lending behemoth revealed more information about the security blunder—which sounds like ransomware—in a later SEC filing.
“Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data,” the 8-K report stated.
“Implement measures to secure its business operations, bring systems back online, and respond to the incident,” Fidelity said in its statement.