BlackCat ransomware attackers steal data of 1.3 million Fidelity National Financial customers

The incident first came to light in November last year

Black Cat ransomware attack

Fidelity National Financial (FNF), a leading company in the real estate and mortgage industry in the United States, recently fell victim to a significant cyberattack. The attack was later attributed to the notorious BlackCat ransomware gang and resulted in sensitive user information being compromised.

FNF, known for its substantial presence in the industry with annual revenues of over $10 billion[1] and a workforce of more than 23,000, reported that the breach occurred on November 20, 2023. The attack led to unauthorized access to and extraction of data from FNF's systems, disrupting its IT systems and business services. Although the attack was contained within 7 days, it had widespread implications for the company and its customers.

The aftermath of the attack saw the company taking proactive steps to manage the fallout. Regulatory bodies and customers were notified immediately and were also provided credit monitoring, web monitoring, and identity theft restoration services.

Fidelity National Financial assured that the breach was confined to its systems, preventing any extension to customer-owned systems connected to FNF. They also stated confidence that this incident would not have a material impact on their financial health or operations.

The breach did not extend to the customers' systems

Detailed investigations into the cyberattack uncovered the use of a non-propagating type of malware by the attackers. This malware was instrumental in the exfiltration of data from FNF’s breached systems. In the company's SEC filing, it was revealed that personal data belonging to approximately 1.3 million customers were compromised in this breach.[2]

FNF’s response to this incident was swift and comprehensive, involving the notification of affected parties, including customers, state attorneys general, and regulators, along with the provision of various protective services to those potentially impacted. This, however, cannot undo the damage that the breach could cause to customers.

FNF also addressed the breach by implementing containment measures, which ensured that the breach remained limited to its systems, safeguarding any connected customer-owned systems from the attack.

Despite the breach's severity, FNF maintained that it would not significantly affect its financial position or operational capabilities. This incident highlighted the importance of cybersecurity in protecting sensitive data and the importance of immediate and effective response strategies to mitigate the impact of such breaches.

Black Cat claimed numerous victims throughout 2023

The frequency of cyberattacks in the mortgage and housing industry is increasing, as shown by the Fidelity National Financial breach, and there are many more.

Other notable companies in the industry, such as First American,[3] loanDepot, and Mr. Cooper, have also been targeted, with each company experiencing varying levels of disclosure regarding their incidents.

The Black Cat ransomware gang, also known as ALPHV, is known for its involvement in several high-profile cyberattacks throughout 2023. This group often claims responsibility for such incidents on their data leak sites, as was the case with FNF. They disclosed the breach on their website on November 22, 2023, just two days after the attack occurred.[4]

It is unclear whether the information was stolen during the malware attack (the attackers were allegedly waiting for the company to contact them first), although the malicious actors added the name of FNF to the list of victims on their data leak website.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
