Fidelity National Financial, Inc (FNF), one of the nation’s largest title insurance underwriters and providers of transaction services for the mortgage and real estate industries, has suffered a cyberattack. The extent of the breach remains unknown.
The Jacksonville-based, Fortune-500 company announced the breach in a filing with the Securities and Exchange Commission (SEC) made public on Tuesday, November 21. In the report, FNF states that it had commenced an investigation into “a cybersecurity incident that impacted certain FNF systems.” F&G Annuities & Life, a majority-owned subsidiary of FNF that provides insurance solutions, was not impacted by the incident, the company said.
The filing itself is dated November 19, indicating that the company became aware of the attack over the weekend. “Based on our investigation to date,” the SEC filing reads, “FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials.”
To contain the breach, FNF has enlisted the help of “leading experts,” informed law enforcement, and blocked access to certain systems. These measures have resulted in disruptions to services “related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries.”
Besides the SEC filing, FNF has not made any public announcements addressing the breach and has not responded to NMP’s request for comment. In its filing, FNF said that it will continue to assess the impact of the incident “and whether the incident may have a material impact on the Company.” With the investigation ongoing, the company has not stated if, or to what extent, customer data may have been exposed.
Ransomware outfit ALPHV/BlackCat claimed responsibility for the attack on November 22 in a post reportedly published to the group's leak blog. The group posted few details about what they allegedly accessed, but called out incident response specialist Mandiant's slow response to the attack. BlackCat granted FNF more time to respond or risk having more information about the attack revealed. "Wouldn't want to disclose every card at this early stage," the group wrote.
When asked for a response to the accusation, Mandiant declined to comment.
No matter whether the incident has a material impact on FNF, media reports indicate that the company's system breach disrupted closings scheduled for last week, putting borrowers in a bind. Depending on the duration of the disruption, those with already-funded loans may be stuck paying mortgages for homes they don’t yet own.
This breach comes on the heels of a cyberattack that hit Mr. Cooper Group, one of the nation’s largest mortgage servicers and lenders, on Halloween. That company faces four consumer class-action lawsuits alleging negligence and a failure to comply with industry standards regulating the safe maintenance of customer data. In the third quarter, Mr. Cooper had 4.3 million customers representing an unpaid balance (UPB) of $937 billion in its servicing portfolio.
FNF recorded more than $9 billion in total revenue in 2022 from its title business alone.