Fidelity National now says 1.3M customers had data stolen by cyber-crooks • The Register

/in


Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November.

The mortgage giant, which has assets totaling $74 billion and is one of the largest providers of title insurance and settlement services in the US, disclosed the “cybersecurity incident” in an 8-K filing with the SEC that same month.

At the time, the corporation said the digital break-in forced it to shut down some IT systems and disrupted some of its title and mortgage-related services.

Ransomware gang ALPHV/BlackCat claimed responsibility for the attack shortly after, though the crew revealed few details about what data they allegedly stole. This was before law enforcement seized the gang’s dark-web site in December.

FNF also has yet to describe the incident as a ransomware infection, and did not respond to The Register‘s inquiries about the nature of the cybersecurity incident.

In an amended 8-K report filed on Tuesday, FNF provided additional details about the intrusion that it said were based on the findings of its forensic investigation, which was completed on December 13.

“We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data,” the SEC filing says. “The company has no evidence that any customer-owned system was directly impacted in the incident, and no customer has reported that this has occurred. The last confirmed date of unauthorized third-party activity in the company’s network occurred on November 20, 2023.”

FNF also said it notified about 1.3 million customers whose data was stolen, and will provide credit monitoring and identity services to those affected. 

The biz added it “has been named as a defendant in several lawsuits related to this incident.” And it still maintains that, “at this time, we do not believe that the incident will have a material impact on the company.” 

By that, it may think it can absorb any financial hit from the cyberattack. Another mortgage lender, Mr Cooper, last month said it expects to spend at least $25 million cleaning up its earlier security breach, which saw almost…

Source…