Fidelity National Financial (FNF) has revealed that around 1.3 million customers’ data may have been exposed during a ransomware attack it suffered in 2023.
The firm, which provides title insurance services to the real estate and mortgage industries, notified the Securities and Exchange Commission (SEC) of the number of potentially impacted consumers in an updated filing on January 9, 2024.
The incident was first disclosed in November 2023, and forced FNF to take down certain systems, resulting in disruption to its business operations.
The ALPHV/BlackCat ransomware group subsequently claimed responsibility for the attack, announcing FNF’s inclusion on their leak site.
New Details About the FNF Ransomware Attack
The updated filing appeared to confirm the incident was a ransomware attack.
The firm stated that following the completion of a forensic investigation on December 13, “we determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data.”
FNF said it has notified approximately 1.3 million potentially impacted consumers, and is providing them with credit monitoring, web monitoring and identity theft restoration services.
It is also continuing to coordinate with law enforcement, regulators and other stakeholders.
There is no evidence any customer-owned system was directly impacted in the incident, nor has it received any customer reports that this has occurred, the company said.
FNF successfully contained the incident on November 26, 2023, and full services have been restored. The last confirmed date of unauthorized third-party activity in its network was November 20, 2023.
“At this time, we do not believe that the incident will have a material impact on the Company,” read the filing.
Details relating to how the attackers gained initial access into the firm’s systems and the nature of the personal data that was exposed were not provided.
FNF acknowledged that it is subject to several lawsuits related to the incident and will “rigorously defend itself” against such claims.
Earlier this week (January 9), retail mortgage lender LoanDepot revealed it had suffered a significant ransomware breach, leading to issues processing customers mortgage payments.