Fidelity National Financial subsidiary says 1.3 million affected by November cyberattack

A subsidiary of title insurance giant Fidelity National Financial reported a data breach to state regulators this week after a cyberattack in November.

LoanCare, one of the largest providers of loan subservicing services, told officials in Maine and California that 1,316,938 people had information accessed by hackers who breached Fidelity National Financial — their parent company.

“On or about November 19, 2023, LoanCare, which performs or has performed loan subservicing functions for your mortgage loan servicer, became aware of unauthorized access to certain systems within its parent’s, Fidelity National Financial, Inc. (“FNF”), information technology network,” they said.

“Based on our investigation, we understand that your Name, Address, Social Security Number, and Loan Number may have been obtained by the unauthorized third party.”

The notice adds that Fidelity National Financial notified law enforcement and government agencies of the attack after beginning an investigation and hiring third-party cybersecurity experts.

Although they confirmed that the incident has been contained, they said the hackers were able to exfiltrate the data. Victims are being offered two years of identity protection services from Kroll.

LoanCare was purchased by Fidelity National Financial in 2009 for $16.3 million. The attack on Fidelity National Financial — which snarled hundreds of home purchases last month across the U.S. — was claimed by the AlphV/Blackcat ransomware gang.

Real estate agents, homebuyers and more were left in the lurch for days after the attack because home sales could not be finished. Fidelity National Financial owns dozens of regional title companies like National Title of New York, Chicago Title, Alamo Title and Commonwealth Land Title.

Shortly after that attack, the AlphV gang’s leak site was seized by the FBI and other law enforcement agencies in a disruption operation that allowed them to access more than 900 public/private key pairs controlling AlphV’s darknet website infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) said that as of September 2023, the group’s affiliates “have compromised over 1,000 entities — nearly 75 percent of which are in the United States and approximately 250 outside the United States — demanded over $500 million, and received nearly $300 million in ransom payments.”

The attack on Fidelity National Financial was part of a larger run of attacks on critical financial institutions by ransomware gangs this fall. Last week, One of the largest mortgage loan servicers in the U.S. said the information of nearly 14.7 million people was leaked during a previously reported cyberattack in October.