Fidelity National Financial attack saw hackers steal data on over a million customers

representational image of a cloud firewall
Image Credit: Pixabay (Image credit: Pixabay)

The recent cyberattack against Fidelity National Financial has been confirmed as a ransomware attack, with the company now confirming sensitive customer data was taken during the incident.

The company has filed a report with the Securities and Exchange Commission (SEC), in which it gave more details about the attack.

“We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data,” it was said in the filing, adding that it, “notified its affected customers and applicable state attorneys general and regulators, and approximately 1.3 million potentially impacted consumers.”

BlackCat strikes again

The filing did not detail the type of data that was stolen in the attack, however, TechCrunch noticed FNF said it will be providing credit monitoring and identity theft services to affected customers, concluding that the data was probably sensitive in nature. 

News first broke of the Fortune 500 firm suffering a cyberattack back in November 2023, which forced it to take many of its services offline.

“For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures,” the company said at the time. “Our majority-owned subsidiary, F&G Annuities & Life, a leading provider of insurance solutions, was not impacted by the incident.”

Soon after, operators of the ALPHV ransomware (also known as BlackCat) took responsibility for the attack, posting about it on a dark web leak site. The submission was subsequently deleted, TechCrunch reports, hinting that the company either paid for the decryptor, or at least tried to negotiate.

Fidelity National Financial is one of many large corporations that suffered a ransomware attack in recent weeks. Besides it, mortgage and loan giants LoanDepot, LoanCare, and Mr. Cooper, all fell victim to a similar incidents.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.