Fidelity National Financial subsidiary says 1.3 million affected by November cyberattack

Jason Macuray
A subsidiary of title insurance giant Fidelity National Financial reported a data breach to state regulators this week after a cyberattack in November

A subsidiary of title insurance giant Fidelity National Financial reported a data breach to state regulators this week after a cyberattack in November.

LoanCare, one of the largest providers of loan subservicing services, told officials in Maine and California that 1,316,938 people had information accessed by hackers who breached Fidelity National Financial — their parent company.

“On or about November 19, 2023, LoanCare, which performs or has performed loan subservicing functions for your mortgage loan servicer, became aware of unauthorized access to certain systems within its parent’s, Fidelity National Financial, Inc. (“FNF”), information technology network,” they said.

“Based on our investigation, we understand that your Name, Address, Social Security Number, and Loan Number may have been obtained by the unauthorized third party.”

The notice adds that Fidelity National Financial notified law enforcement and government agencies of the attack after beginning an investigation and hiring third-party cybersecurity experts.

Although they confirmed that the incident has been contained, they said the hackers were able to exfiltrate the data. Victims are being offered two years of identity protection services from Kroll.

LoanCare was purchased by Fidelity National Financial in 2009 for $16.3 million. The attack on Fidelity National Financial — which snarled hundreds of home purchases last month across the U.S. — was claimed by the AlphV/Blackcat ransomware gang.

Real estate agents, homebuyers and more were left in the lurch for days after the attack because home sales could not be finished. Fidelity National Financial owns dozens of regional title companies like National Title of New York, Chicago Title, Alamo Title and Commonwealth Land Title.

Shortly after that attack, the AlphV gang’s leak site was seized by the FBI and other law enforcement agencies in a disruption operation that allowed them to access more than 900 public/private key pairs controlling AlphV’s darknet website infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) said that as of September 2023, the group’s affiliates “have compromised over 1,000 entities — nearly 75 percent of which are in the United States and approximately 250 outside the United States — demanded over $500 million, and received nearly $300 million in ransom payments.”

The attack on Fidelity National Financial was part of a larger run of attacks on critical financial institutions by ransomware gangs this fall. Last week, One of the largest mortgage loan servicers in the U.S. said the information of nearly 14.7 million people was leaked during a previously reported cyberattack in October.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Australian healthcare provider St. Vincent’s has data stolen during cyberattack

Next Post

Entertainment giant National Amusements says more than 82,000 affected by cyberattack

Related Posts

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). "
Read More

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates Fuzhou, China, to support Beijing's intelligence
Read More