Inman

LoanCare says data breach affected 1.3M mortgage customers

The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.

Mortgage loan subservicer LoanCare LLC has notified more than 1.3 million homeowners that hackers may have gained access to personal information including their name, address, Social Security number and mortgage loan number during a cyberattack on parent company Fidelity National Financial (FNF).

Although LoanCare is informing consumers that it has “no indication of fraudulent use of your personal information,” it’s offering them 24 months of free identity monitoring services through Kroll.

The nation’s largest title insurer, Fidelity National Financial (FNF) discovered on Nov. 19 that an unauthorized third party had accessed certain systems and acquired credentials and data. While the company has declined to comment on reports that it was the victim of a ransomware attack, it said the incident was discovered on Nov. 19 and contained on Nov. 26, with operations restored by Dec. 6.

In addition to providing title insurance through companies including Chicago Title, Fidelity National Title and Commonwealth Land Title, FNF provides real estate technology and mortgage and real estate services through subsidiaries IPX 1031, Disclosure Source, inHere, ServiceLink, NextAce, CINC (Commissions Inc.), RealGeeks, SoftPro and SkySlope.

FNF representatives did not respond to Inman’s request for comment on whether clients of its other subsidiaries have also had personal data compromised.

On Dec. 22, LoanCare notified the Maine Attorney General’s office that as part of the investigation into the FNF data breach, it had determined that 1,316,938 of its customers may have had their personal information “exfiltrated.”

In a Dec. 20 notice to consumers, LoanCare said FNF’s investigation “determined that an unauthorized third party exfiltrated data from certain FNF systems. As part of the review of the potentially impacted data, LoanCare identified that some of your personal information may have been among that data. It is important to note that we have not identified any fraudulent use of your personal information as a result of this incident.”

In notifying consumers, LoanCare offered free identity monitoring services from Kroll including credit monitoring, fraud consultation, identity theft restoration and $1 million in identity fraud loss reimbursement.

“Regulators recommend that you be especially vigilant for the next 12 to 24 months and that you promptly report incidents of suspected identity theft to your financial institution,” LoanCare advised clients. “As part of staying vigilant, you should regularly review your account statements, and periodically obtain your credit report from one or more of the three national credit reporting companies.”

A wave of cybersecurity attacks have disrupted computer networks at more than 1,000 businesses and government entities, including FNF rival First American Financial and loan servicing giant Mr. Cooper.

First American Financial, the nation’s second biggest title insurer, said it isolated its systems from the internet on Dec. 20 after discovering unauthorized activity. Two days later, the company said it had taken its email system offline and warned recipients of emails “purporting to be from First American, First American Title or from FirstAm.com” to “be vigilant about cybersecurity risks and avoid clicking on unknown or suspect links.”

In a Dec. 22 Securities and Exchange Commission filing, First American said it was “working diligently” to restore systems it took offline “but cannot estimate the duration or extent of the disruption at this time.”

First American’s website remained offline Tuesday, the day after Christmas. The company, which also provides settlement services, data products, valuation services, mortgage subservicing, and banking and wealth management services, is providing updates on a temporary website, FirstAmUpdate.com, as they become available.

Mr. Cooper has said hackers gained access to the personal information of nearly 15 million current and past customers between Oct. 30 and Nov. 1, including Social Security numbers, dates of birth and bank account numbers. The company is offering two years of free credit monitoring, credit reports and credit score services from TransUnion to affected consumers.

A ransomware group known as Blackcat, ALPHV or Noberus, has allegedly infiltrated the computer networks of more than 1,000 victims, “including networks that support U.S. critical infrastructure,” the Department of Justice and FBI said in a Dec. 19 announcement.

A decryption tool developed by the FBI is being used by “dozens of victims in the United States and internationally,” and has so far saved “multiple victims from ransom demands totaling approximately $68 million,” the Justice Department said.

In a Dec. 19 advisory, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) detailed steps companies should take to protect against ransomware attacks.

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter