Fidelity National, Loancare hit with lawsuit after cyberattack

Img

A class action suit was filed last week against mortgage subservicer Loancare and its parent company, Fidelity National Financial, following a November cyberattack

Attorneys for class plaintiff Teneika Tillis filed a complaint in the U.S. District Court for Central California on Dec. 12, as first reported by Law360. Lawyers representing Tillis, a resident of Fortuna, California, cited negligence, breach of contract and unjust enrichment among several alleged counts lodged against both defendants and demanded a jury trial. 

"The data breach itself and information defendants have disclosed about the breach to date, including its length, the need to remediate defendants' cybersecurity and the sensitive nature of the impacted data, collectively demonstrate defendants failed to implement reasonable measures," the filing stated.

In an 8-K Securities and Exchange Commission filing dated Nov. 21, Fidelity National disclosed it had been impacted by a "cybersecurity incident," which left clients locked out of their accounts for several days. On Nov. 29, Loancare released a statement to customers indicating its websites were offline, a situation it was working to rectify, and that no late fees would be assessed. 

On Dec. 6, FNF issued another SEC filing, indicating the incident had been contained by Nov. 26 and services had resumed.

The plaintiff, a Loancare servicing client, filed the lawsuit "upon information and belief" that her personal identifiable information had been compromised. 

Tillis' lawyers also maintain that Loancare should have been on notice of inadequate security  measures after it reported a data breach around August 2022. "Defendants thus failed to take reasonable measures to secure its system," the lawsuit said.

Loancare serves approximately 1.5 million mortgage customers across the country, according to its website. 

Parent company Fidelity National has yet to publicly disclose what type of personal information may have been acquired by cyber criminals, nor the number of clients affected by the November incident. But in subsequent days, ransomware group Alphv/Blackcat claimed responsibility for the attack. The group was behind a similar event earlier in 2023 targeting Academy Mortgage, as well as a highly publicized incident impacting MGM hotels in Las Vegas this fall. 

Fidelity National is also one of the largest providers of title insurance and other settlement services in the country via its subsidiaries but owns several real estate related and technology businesses, such as Loancare and Serviceline. The company recently announced it would increase its investment in its life insurance subsidiary as well. 

In a virtual chat conducted by Keefe, Bruyette & Woods on Dec. 6, Fidelity National CEO Mike Nolan said it was difficult at the time to assess the amount of title business lost in November as a result of the cyber event. Impact was likely limited as it occurred just prior to the Thanksgiving weekend.  

The title business had "two to three days where we really were limited in the ability to close, but our people in the field really worked hard to work with the clients to see what could be rescheduled, what could be moved to another day," Nolan said, adding appointments resumed at the end of November. 

Company officials deferred questions regarding whether consumer data was compromised, but noted in its December SEC filing that it had cyber insurance with a $10 million retention.

The California lawsuit did not list an amount for monetary damages but requested "equitable relief with pre-judgment and post-judgment interest" to the plaintiff and members of the class, in addition to an injunction against the defendants and award for counsel's fees and costs. Attorneys from Southern California-based firms Kazerouni Law Group and Blood, Hurst & O'Reardon are representing Tillis.


More From Life Style