Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial

A ransomware group behind some of the biggest cyberattacks in 2023 has taken credit for an incident involving a multibillion-dollar player in the real estate industry.

Fidelity National Financial — a Fortune 500 provider of title insurance for property sales — acknowledged an attack in regulatory documents submitted November 21 to the U.S. Securities and Exchange Commission.

On November 22, the AlphV/Black Cat ransomware gang took credit for the intrusion, publishing a lengthy screed against the company for hiring incident responders. The group claimed the response team was from Google’s Mandiant unit.

In 8-K filings first reported by TechCrunch, Fidelity National Financial did not provide specifics about its response.

“Fidelity National Financial recently became aware of a cybersecurity incident that impacted certain FNF systems,” the company said. “FNF promptly commenced an investigation, retained leading experts to assist the Company, notified law enforcement authorities, and implemented certain measures to assess and contain the incident.”

Fidelity National Financial said that so far, the investigation has revealed the hackers accessed certain company systems and “acquired certain credentials.” The company did not respond to requests for comment about what that means.

In the filing, company officials said they were still trying to understand whether the incident would have a material impact on operations, but there were indeed issues during the initial response.

“Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business. For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures,” the company said.

Several real estate-focused news outlets said the attack has had significant downstream effects on the industry. Real Estate News called Fidelity National Financial the “nation's largest title insurance company” and said it has stopped many scheduled home-sale closings as a result of the attack.

Real estate agents, homebuyers and more have been left in the lurch, trying to find ways to finish sales. But the system outages mean many transactions will not be completed until this week. TechCrunch spoke to several realtors on Monday who were exasperated by the outages, which are causing delays in closings.

Fidelity National Financial owns dozens of regional title companies like National Title of New York, Chicago Title, Alamo Title and Commonwealth Land Title. TechCrunch

Cybersecurity expert Kevin Beaumont noted that like multiple major companies that have suffered hacks in recent weeks, Fidelity National Financial had tools exposed to the internet that were vulnerable to a bug known as CitrixBleed.

The top cybersecurity agencies in the U.S. released an urgent warning about the issue on November 21, warning that both nation-state hackers and cybercriminals were exploring ways to exploit the vulnerability.

Just three weeks ago, hackers targeted Texas-based mortgage giant Mr. Cooper, the largest non-bank mortgage servicer in the U.S. The attack prompted the company to lock down its systems, forcing people to pay off their loans by phone, mail service or Western Union.