The Fidelity National Financial (FNF) cyber-attack leaked the personal data of 1.3 million customers, the company has disclosed in a new filing with the Securities and Exchange Commission. FNF is one of the largest title insurance and transaction services providers in the United States, with a market capitalization of $13.3 billion, an annual revenue of over $10 billion, and a workforce of about 23,000 people.[1]
The November 2023 cyber-attack disrupted the company’s operations for nearly a week, during which the company “determined that an unauthorized third party accessed certain FNF systems,” and deployed a non-replicating malware.
On 26 November, the company blocked access to affected systems, disrupting title-related services such as title insurance and escrow, mortgage transactions, and real estate technology. The incident halted mortgage payments and home sales, frustrating homebuyers, sellers, and real estate agents.
Shortly after, a Russian-speaking ransomware group ALPHV/BlackCat claimed responsibility for the attack and listed FNF on its data leak site. The ransomware gang removed FNF from the list the same day, suggesting that the mortgage services provider paid a ransom. By September 2023, BlackCat had compromised over 1,000 organizations globally, three-quarters based in the United States. Although an investigation was still in progress, FNF anticipated that the threat actor had accessed certain systems and stolen login credentials. “Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials. The investigation remains ongoing at this time,” FNF said.
In the latest SEC filing update, Fidelity National Financial concluded its investigations on 13 December 2023, and determined that the cyber-attack occurred on 19 November, and involved non-propagating malware. “We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data,” the mortgage provider said.
It also determined that the unauthorized third parties last accessed the impacted systems on 20 November 2023, and its partners’ systems were not compromised. However, the threat actors exfiltrated the customer data of 1.3 million individuals who had been notified.
The company also notified law enforcement, regulatory authorities, and attorneys general of impacted states and offered two years of “credit monitoring, web monitoring, and identity theft restoration services” with Kroll. Neither FNF nor ALPHV/BlackCat ransomware disclosed the nature of the information stolen during the cyber-attack.
Craig Jones, Vice President of Security Operations at Ontinue, suggests the stolen data included personal and financial information: “The unauthorized third party not only encrypted but also illicitly extracted sensitive data, encompassing personally identifiable information (PII) and financial data.”
Meanwhile, the financial institution does not anticipate the cyber-attack will have any material impact. Additionally, FNF vowed to defend itself vigorously from several lawsuits stemming from the November cyber-attack. The FNF cyberattack adds to the growing list of real estate companies impacted by ransomware attacks.
loanDepot recently disclosed it suffered a ransomware attack, while Mr. Cooper and First American were also impacted by apparent ransomware attacks in October and December 2023, respectively. Over 14 million customers were exposed in the Mr. Cooper cyber-attack, becoming one the largest mortgage data breaches in recent years.
Similarly, on 21 December 2023, Academy Mortgage notified employees and customers of a March 2023 cyber-attack that exposed 285,000 individuals. Increased digitization and the vast amount of sensitive data processed and stored guarantees that the mortgage industry remains an attractive target of cyber-attacks. “The mortgage and housing industry presents an attractive target for cybercriminals due to the immense value of the sensitive data it handles, including personal and financial information,” said the Vice President of Security & Architecture at Keeper Security. “Many of these industries have data retention requirements for legal, compliance or regulatory reasons.”
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Call for assistance. For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
[1] https://www.cpomagazine.com/cyber-security/fidelity-national-financial-cyber-attack-exposed-1-3-million-customers/
Comments