Fidelity National Financial subsidiary says 1.3 million affected by November cyberattack

Jason Macuray
A subsidiary of title insurance giant Fidelity National Financial reported a data breach to state regulators this week after a cyberattack in November

A subsidiary of title insurance giant Fidelity National Financial reported a data breach to state regulators this week after a cyberattack in November.

LoanCare, one of the largest providers of loan subservicing services, told officials in Maine and California that 1,316,938 people had information accessed by hackers who breached Fidelity National Financial — their parent company.

“On or about November 19, 2023, LoanCare, which performs or has performed loan subservicing functions for your mortgage loan servicer, became aware of unauthorized access to certain systems within its parent’s, Fidelity National Financial, Inc. (“FNF”), information technology network,” they said.

“Based on our investigation, we understand that your Name, Address, Social Security Number, and Loan Number may have been obtained by the unauthorized third party.”

The notice adds that Fidelity National Financial notified law enforcement and government agencies of the attack after beginning an investigation and hiring third-party cybersecurity experts.

Although they confirmed that the incident has been contained, they said the hackers were able to exfiltrate the data. Victims are being offered two years of identity protection services from Kroll.

LoanCare was purchased by Fidelity National Financial in 2009 for $16.3 million. The attack on Fidelity National Financial — which snarled hundreds of home purchases last month across the U.S. — was claimed by the AlphV/Blackcat ransomware gang.

Real estate agents, homebuyers and more were left in the lurch for days after the attack because home sales could not be finished. Fidelity National Financial owns dozens of regional title companies like National Title of New York, Chicago Title, Alamo Title and Commonwealth Land Title.

Shortly after that attack, the AlphV gang’s leak site was seized by the FBI and other law enforcement agencies in a disruption operation that allowed them to access more than 900 public/private key pairs controlling AlphV’s darknet website infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) said that as of September 2023, the group’s affiliates “have compromised over 1,000 entities — nearly 75 percent of which are in the United States and approximately 250 outside the United States — demanded over $500 million, and received nearly $300 million in ransom payments.”

The attack on Fidelity National Financial was part of a larger run of attacks on critical financial institutions by ransomware gangs this fall. Last week, One of the largest mortgage loan servicers in the U.S. said the information of nearly 14.7 million people was leaked during a previously reported cyberattack in October.

BriefsCybercrimePrivacy
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Australian healthcare provider St. Vincent’s has data stolen during cyberattack

Next Post

Entertainment giant National Amusements says more than 82,000 affected by cyberattack

Related Posts

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher
Avatar
Read More

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT
Avatar
Read More