Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers.
FNF is an American title insurance and transaction services provider for the real estate and mortgage industries.
It is one of the largest companies of this kind in the United States, with an annual revenue of more than $10 billion, a market capitalization of $13.3 billion, and an employee force of over 23,000 people.
In mid-December, the firm warned that it had suffered a cyberattack after the threat actors accessed the network using stolen credentials.
FNF’s announcement from the time explained that containment measures forced it to take certain IT systems offline, disrupting business services.
Yesterday, Fidelity National Financial confirmed in an amended SEC Form 8-K filing that the cyberattack occurred on November 19, 2023, and was successfully contained seven days later.
According to the filing, the attackers used a non-propagating malware that could exfiltrate data from the breached systems.
The investigation that followed to appreciate the impact of the incident was concluded on December 13, 2023, revealing that the intruders had stolen the data of 1.3 million customers.
“We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data,” reads FNF’s SEC filing.
“The Company has notified its affected customers and applicable state attorneys general and regulators, and approximately 1.3 million potentially impacted consumers; is providing credit monitoring, web monitoring, and identity theft restoration services; and is fielding questions from consumers.”
The filing clarifies that the breach was contained on FNF systems, and the attack has not extended to any of the connected customer-owned systems.
FNF concludes by saying that it does not believe the incident will have any material impact on its financial status and operations and pledges to “vigorously defend itself” against class action lawsuits targeting it for this data breach.
While not mentioned by Fidelity National Financial, the BlackCat (ALPHV) ransomware gang previously claimed responsibility for the attack by listing the company on their data leak site.
The threat actors did not say whether data was stolen in the attack, stating they were waiting for FNF to contact them first.
The Fidelity National Financial breach is one of the many attacks that have recently targeted the mortgage and housing industry since late November, including First American, loanDepot, and Mr. Cooper.
Of those, only loanDepot clarified that they suffered a ransomware attack, while all other firms have not shared any details about the nature of the incident.