The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.
Fidelity National Financial (FNF), the nation’s biggest title insurer, continues to cope with the impacts of a reported ransomware attack that left the company’s public-facing website dark Monday and is disrupting the provision of title and escrow services.
Other title-related services, mortgage transaction services, and technology that FNF provides to the real estate and mortgage industries have also been affected, the company said in disclosing a “cybersecurity incident” in a Nov. 21 Securities and Exchange Commission filing.
The company has not responded to inquiries from Inman or other news media outlets that have reported FNF is the target of a ransomware attack. Affected FNF subsidiaries include mortgage loan subservicer LoanCare and 1031 exchange facilitator IPX1031, TechCrunch reported.
Representatives for IPX1031 and LoanCare’s parent company, ServiceLink, did not immediately respond to Inman’s requests for comment.
The Register, a publication for information technology professionals, reported that a ransomware group known as ALPHV (BlackCat) claimed responsibility for the attack on Nov. 22.
On Nov. 21 — the same day that FNF disclosed that it was responding to a cybersecurity incident — the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory with other agencies warning of a software vulnerability being exploited by “multiple threat actor groups.”
The ransomware groups include LockBit 3.0 and affiliates, which have become “the world’s top ransomware threat,” targeting more than 1,700 American organizations in industries including financial services, food, schools, transportation and governments, Reuters reported, hitting big companies like Boeing, ION and the Industrial & Commercial Bank of China this year.
Ransomware groups typically target companies by installing malicious code that encrypts data and then demand payment of ransom to unlock the data.
In their Nov. 21 advisory, the FBI and CISA said ransomware groups are exploiting Citrix Bleed, a vulnerability that affects Citrix’s NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. Many companies including FNF are thought to have patched the Citrix Bleed vulnerability but not before hackers gained access to sensitive systems.
FNF said in its SEC filing only that an “unauthorized third party accessed certain FNF systems and acquired certain credentials.” The company “promptly commenced an investigation, retained leading experts to assist the company, notified law enforcement authorities, and implemented certain measures to assess and contain the incident. Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business.”
While FNF’s company website was down Monday, the websites of subsidiaries Chicago Title, Fidelity National Title and Commonwealth Land Title were up and running. In addition to title and escrow services, FNF facilitates the production and management of mortgage loans through its subsidiary ServiceLink Holdings.
FNF said another majority-owned subsidiary, insurance provider F&G Annuities & Life, was not impacted by the incident.
Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.