Hackers Breaches Fidelity National Financial to Steal 1.3 Million People’s Data

Recently, Fidelity National Financial (FNF) reported that the cyber attack in November last year has brought the data of 1.3 million people to light. As per the reports, the BlackCat ransomware gang has taken responsibility for this attack.

FNF is a US-based Title Insurance & Transaction service-providing company for the mortgage & real estate industries. It is among the largest US-based companies in this industry, with a capitalization of $13.3 billion, an annual turnover of $10+ billion, and approximately 23,000 employees.

In mid-December 2023, the company made an alert that a cyberattack had been carried out on its database, and the customer credentials had been stolen. The announcement by Fidelity National Financial made it clear that the isolation measures forced the company to take certain servers offline, impacting their business services. FNF confirmed in an amended SEC Form 8-K yesterday that the attack happened in November 2023. Also, it was contained successfully within 7 days later.

As per FNF's SEC filing, "We determined that an unauthorized third-party accessed certain FNF systems deployed a type of malware that is not self-propagating, and exfiltrated certain data. The Company has notified its affected customers and applicable state attorneys general and regulators, and approximately 1.3 million potentially impacted consumers; is providing credit monitoring, web monitoring, and identity theft restoration services; and is fielding questions from consumers."

According to the complaint, no customer-owned systems connected to the FNF systems were affected by the attack, which was limited to those systems. FNF ends by stating that it does not think the event will materially affect its operations or financial standing and will "vigorously defend itself" against class action lawsuits that aim to hold it accountable for the data leak.

The BlackCat (ALPHV) ransomware group had previously listed the company on their data breach site, claiming credit for the attack. However, Fidelity National Financial did not identify it. The threat actors said they were waiting for FNF to contact them before disclosing whether or not data was taken during the attack.

Since late November, several attacks, such as those on First American, loanDepot, and Mr. Cooper, have recently attacked the mortgage and housing business. One such attack is the breach at Fidelity National Financial. Of those, only loanDepot made it clear that they were the victim of a ransomware assault; the other companies have not disclosed any information regarding the incident's specifics.