Fidelity National now says 1.3M customers had data stolen by cyber-crooks
It's still not calling it ransomware
Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November.
The mortgage giant, which has assets totaling $74 billion and is one of the largest providers of title insurance and settlement services in the US, disclosed the "cybersecurity incident" in an 8-K filing with the SEC that same month.
At the time, the corporation said the digital break-in forced it to shut down some IT systems and disrupted some of its title and mortgage-related services.
Ransomware gang ALPHV/BlackCat claimed responsibility for the attack shortly after, though the crew revealed few details about what data they allegedly stole. This was before law enforcement seized the gang's dark-web site in December.
FNF also has yet to describe the incident as a ransomware infection, and did not respond to The Register's inquiries about the nature of the cybersecurity incident.
In an amended 8-K report filed on Tuesday, FNF provided additional details about the intrusion that it said were based on the findings of its forensic investigation, which was completed on December 13.
"We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data," the SEC filing says. "The company has no evidence that any customer-owned system was directly impacted in the incident, and no customer has reported that this has occurred. The last confirmed date of unauthorized third-party activity in the company's network occurred on November 20, 2023."
FNF also said it notified about 1.3 million customers whose data was stolen, and will provide credit monitoring and identity services to those affected.
- BlackCat claims it is behind Fidelity National Financial ransomware shakedown
- Mr Cooper cyberattack laid bare: 14.7M people's info stolen, costs hit $25M
- Be honest. Would you pay off a ransomware crew?
- After injecting cancer hospital with ransomware, crims threaten to swat patients
The biz added it "has been named as a defendant in several lawsuits related to this incident." And it still maintains that, "at this time, we do not believe that the incident will have a material impact on the company."
By that, it may think it can absorb any financial hit from the cyberattack. Another mortgage lender, Mr Cooper, last month said it expects to spend at least $25 million cleaning up its earlier security breach, which saw almost 14.7 million people's data stolen. FNF's 2022 annual profit was over a billion dollars, and has crossed $500 million in its financial year to date; it can probably take the hit.
In addition to these two financial services firms, LoanDepot on Monday said it is experiencing a "cyber incident" that has taken some systems offline. The loan giant in a subsequent SEC filing provided additional details about the security snafu, which sounds like ransomware.
"Though our investigation is ongoing, at this time, the company has determined that the unauthorized third party activity included access to certain company systems and the encryption of data," LoanDepot said in its 8-K report.
Fidelity continues to "implement measures to secure its business operations, bring systems back online and respond to the incident," it added. ®