Data Breach at Fidelity National Financial Exposes 1.3 Million To Identity Theft. Featured

Fidelity National Financial cyberattack exposes 1.3 million customers to identity theft.

On November 17 2023, Fidelity National Financial, (FNF), a real estate services company that bills itself as the “leading provider of title insurance and escrow services, and North America’s largest title insurance company, filed a notice of data breach with the Securities and Exchange Commission after discovering that a “cybersecurity incident” impacted the company’s computer network.

In a January 9th 2024 update provided to the SEC, FNF stated that sensitive personal identifying information belonging to approximately 1.3 million consumers was stolen during the breach and that FNF is providing affected consumers with credit monitoring, web monitoring, and identity theft restoration services.

What Happened?

According to its Jan 9th filing with the SEC, FNF determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data. FNF said: “We blocked access to certain of our systems, which resulted in disruptions to our business. For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures.”

Customers Left In The Dark For a Week

Real Estate News reported that the breach stopped scheduled closings, which left agents and home buyers “scrambling for solutions” as they have been told that the systems needed to complete their transactions won’t be available for another week.

According to Christine Youmans, a customer who uses LoanCare, a subsidiary of FNF to pay her mortgage, “Everything is shut down and no one can pay their mortgage and you can’t get them on the phone.”

A call to a number on the LoanCare website responded with an automated message that said: “For those of you impacted by the recent catastrophe, we hope you and your family are safe. We are here to help you and your family return to normal.”

ALPHV Ransomware Gang Claims Responsibility For Attack

Shortly after the cyberattack, the ransomware gang known as ALPHV (or BlackCat) claimed responsibility for the cyberattack on FNF in a message posted on the gang’s official dark web site.

Prior to its Jan 9th SEC filing, FNF has been reluctant to confirm that confidential consumer data was compromised during the attack. ALPHV also failed to confirm if consumer data was stolen. Rather, ALPHV’s tweet on X (formerly twitter) was more critical of FMF management for using Mandiant, a leading provider of threat intelligence and cuber secuirty, to protect its systems.

Data Breach Affects 1.3 Million Consumers

In a Jan 9th SEC update, FNF confirmed that sensitive personal identifiable information belonging to approximately 1.3 million consumers was in fact stolen and that FNF has begun the process of notifying affected consumers. FNF did not report what information was stolen although the letters should provide victims with a list of what information belonging to them was compromised.

What Do I do If I Receive a Data Breach Notification?

If you receive a data breach notification from Fidelity National Financial, Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following a data breach. Please complete the form below and a data breach lawyer will contact you to discuss your rights.


Leave a Reply

Your email address will not be published. Required fields are marked *