Following reports of a cyberattack at Fidelity National Financial, containment measures taken at the title insurance and settlement services provider appear to have left some customers locked out of their accounts.
In a Nov. 21 filing with the Securities and Exchange Commission, the Jacksonville, Florida-based company said it had identified a cybersecurity incident within its system, immediately prompting an investigation and notification of law enforcement officials.
"The services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures," it said in an SEC 8-K filing.
"Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials," the report said. In order to limit damage from the incursion, the company said it blocked electronic access to some of the services it normally provides.
Ransomware group Alphv/Blackcat, which engineered an attack on Academy Mortgage earlier this year, claimed responsibility. However, Fidelity National itself has not stated if any personal identifiable data was compromised and has issued no additional statement since its SEC filing.
Some customers of Fidelity National and its subsidiaries said they remain unable to obtain account information online or by phone, according to Techcrunch. Concerns have also been raised about the short-term ability to close escrow among FNF clients.
The troubles at FNF are the latest in a series of cyber security incidents mortgage-related businesses have encountered this year. In another high-profile attack in late October, a data breach at national lender and servicer Mr. Cooper left many clients unable to access their accounts for over a week. That breach has so far resulted in at least six class action lawsuits.
Any sizable corporate victim in a cyberattack could spend weeks to determine the full extent of damage and type of information compromised, according to cybersecurity firm Digital Silence. Shutting down account access comes as an unwanted but necessary step to finding a solution, especially with attacks coming through web applications, a common fraud strategy.
"If there's a concern that a piece of technology in your environment was the initial point of compromise… you really want to make sure that you understand what they did to it, so you don't re-create the same problems," said J-T Gaietto, Digital Silence principal and chief of staff.
The greater quantity of data held by a business multiplies the time it takes to see the full picture after a cyber incident. "If I've got 10 records, it's really easy to see what I've lost. If I've got 10,000 records, it gets a lot harder. Now expand that across hundreds of thousands of records — terabytes upon terabytes of data," Gaietto said.
Fidelity National is also not the first title insurer to find itself dealing with the aftermath of an unanticipated cyber event. In 2019, First American Title Insurance announced it had been impacted by a data breach, which went on for months following the initial discovery of it. As a result, the SEC fined the company almost $500,000 in 2021.
This week, New York State issued an additional $1 million penalty on First American for the same breach after a multiyear investigation. In addition to the monetary fine, the company agreed to implement more robust remedial measures to better secure consumer data.
"First American failed to maintain and implement effective governance and classification, access controls and identity management and risk assessment policies and procedures," the state's department of financial services said in a press release.
In 2021, a ransomware attack on closing and settlement services platform Cloudstar, which provided support to over 42,000 title professionals across the country, also led to the disruption of industry operations for weeks.