1.3 Million LoanCare Customers Have Personal, Financial Data Exposed – NMP Skip to main content

1.3 Million LoanCare Customers Have Personal, Financial Data Exposed

Jan 02, 2024
The Federal Deposit Insurance Corporation (FDIC) was the source of 10 of the 16 major information security incidents that occurred within the federal government during Fiscal Year 2016
Contributing Writer

Breach revealed in filing with Maine Attorney General a month after November 19 cyberattack.

The November 19 cyberattack that temporarily took down Fidelity National Financial’s online systems exposed the personal and financial data of 1.3 million customers of LoanCare, LLC, a mortgage subservicer owned by Fidelity National Financial, the real estate and mortgage industries’ largest underwriter of title insurance.

The breach of LoanCare, specifically, was not publicly known until December 20, when LoanCare filed a notice of data breach with the Attorney General of Maine. The filing indicates the data breach occurred on November 19, but was not discovered until December 13. 

However, letters being distributed to impacted customers by LoanCare state: “On or about November 19, 2023, LoanCare, LLC (“LoanCare”), which performs or has performed loan subservicing functions for your mortgage loan servicer, became aware of unauthorized access to certain systems within its parent’s, Fidelity National Financial, Inc. (“FNF”), information technology network. Upon becoming aware of the incident, FNF commenced an investigation with the assistance of third-party experts, notified certain law enforcement and governmental authorities, and began taking measures to assess and contain the incident.”

The SEC’s new rules for public companies’ cybersecurity disclosures, effective as of Sept. 5, 2023, includes “a requirement to disclose material cybersecurity incidents four business days after a public company determines the incident is material and a requirement to disclose annually information regarding cybersecurity risk management, strategy, and governance,” per the SEC’s website.

The only LoanCare customers receiving letters are those whose personal information was compromised.
 

About the author
Contributing Writer
Ryan Kingsley is a contributing writer for NMP.
Published
Jan 02, 2024
More from
Operations
Rocket Pro Extends Purchase Credit, Names Big Pitch Finalists

Rocket adds same-business-day conditional approvals and a 12-business-day clear-to-close commitment on conventional purchase loans

Jul 07, 2026
Figure’s Prefunded Deal Shifts Rate Risk From Originators To Bond Investors

Originators get a locked exit in a private-credit market hungry for funding certainty

Jul 03, 2026
Fannie, Freddie Open FICO Score 10T Data Ahead Of Credit Score Modernization

Historical loan-level datasets covering 2013-2025 let market participants evaluate the next-generation credit model using actual GSE mortgage performance.

Jul 02, 2026
TMC Targets Rising Healthcare Costs With New Cooperative

The self-funded program aims to help eligible mortgage companies gain more control over employee healthcare costs

Jul 01, 2026
The Next Challenge In Income Verification

Digital pay stub tools are gaining traction among self-employed workers, but mortgage lenders continue relying on automated verification and multiple data sources to validate borrower income

Jun 29, 2026