Close up of hacker's hand showing cyber attack

Fidelity National Financial Cyber Attack Exposed 1.3 Million Customers

The Fidelity National Financial (FNF) cyber attack leaked the personal data of 1.3 million customers, the company has disclosed in a new filing with the Securities and Exchange Commission.

FNF is one of the largest title insurance and transaction services providers in the United States, with a market capitalization of $13.3 billion, an annual revenue of over $10 billion, and a workforce of about 23,000 people.

The November 2023 cyber attack disrupted the company’s operations for nearly a week, during which the company “determined that an unauthorized third party accessed certain FNF systems,” and deployed a non-replicating malware.

On November 26, the company blocked access to affected systems, disrupting title-related services such as title insurance and escrow, mortgage transactions, and real estate technology. The incident halted mortgage payments and home sales, frustrating homebuyers, sellers, and real estate agents.

Shortly after, a Russian-speaking ransomware group ALPHV/BlackCat claimed responsibility for the attack and listed FNF on its data leak site. The ransomware gang removed FNF from the list the same day, suggesting that the mortgage services provider paid a ransom. By September 2023, BlackCat had compromised over 1,000 organizations globally, three-quarters based in the United States.

Although an investigation was still in progress, FNF anticipated that the threat actor had accessed certain systems and stolen login credentials.

“Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials. The investigation remains ongoing at this time,” FNF said.

Fidelity National Financial cyber attack impacted 1.3 million customers

In the latest SEC filing update, Fidelity National Financial concluded its investigations on December 13, 2023, and determined that the cyber attack occurred on Nov 19, 2023, and involved non-propagating malware.

“We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data,” the mortgage provider said.

It also determined that the unauthorized third parties last accessed the impacted systems on Nov 20, 2023, and its partners’ systems were not compromised.

However, the threat actors exfiltrated the customer data of 1.3 million individuals who had been notified.

The company also notified law enforcement, regulatory authorities, and attorneys general of impacted states and offered two years of “credit monitoring, web monitoring, and identity theft restoration services” with Kroll.

Neither FNF nor ALPHV/BlackCat ransomware disclosed the nature of the information stolen during the cyber attack.

Craig Jones, Vice President of Security Operations at Ontinue, suggests the stolen data included personal and financial information: “The unauthorized third party not only encrypted but also illicitly extracted sensitive data, encompassing personally identifiable information (PII) and financial data.”

Meanwhile, the financial institution does not anticipate the cyber attack will have any material impact. Additionally, FNF vowed to defend itself vigorously from several lawsuits stemming from the November cyber attack.

Cybercriminals are increasingly targeting the mortgage industry

The FNF cyberattack adds to the growing list of real estate companies impacted by ransomware attacks.

loanDepot recently disclosed it suffered a ransomware attack, while Mr. Cooper and First American were also impacted by apparent ransomware attacks in October and December 2023, respectively.

Over 14 million customers were exposed in the Mr. Cooper cyber attack, becoming one the largest mortgage data breaches in recent years.

Similarly, on December 21, 2023, Academy Mortgage notified employees and customers of a March 2023 cyber attack that exposed 285,000 individuals.

Increased digitization and the vast amount of sensitive data processed and stored guarantees that the mortgage industry remains an attractive target of cyber attacks.

“The mortgage and housing industry presents an attractive target for cybercriminals due to the immense value of the sensitive data it handles, including personal and financial information,” said Patrick Tiquet, Vice President of Security & Architecture at Keeper Security. “Many of these industries have data retention requirements for legal, compliance or regulatory reasons.”