Fidelity National Financial (FNF) is the nation’s largest group of title companies and underwriters in the country. They claim that collectively, they issue more title insurance policies than any other firm in the United States.
On Wednesday, while many Americans were getting ready for Thanksgiving, AlphV (BlackCat) threat actors announced that they had attacked FNF. They appear to blame Mandiant for FNF not paying their extortion demand:
Hiring Mandiant has the following effects. You end up ruined. They had a good reputation ten years ago. Everyone is aware that they fell, so let’s just be kind to them now. We expect a blog post in retaliation, don’t stub your fingers, warriors.
Their IT department and Mandiant determine that sitting still is the best course of action while we screw them. 30 people in teams call at 3 am America time and still lost.
Before disclosing whether or whether we have collected any data, we will allow FNF further time to get in touch. Wouldn’t want to disclose every card at this early stage.
I implore FNF investors to talk some reason into these executives who are gullible enough to fall for Mandiant’s disinformation. Better threat intelligence may be obtained from my deceased mother than from Kevin Mandia’s (sellout) firm. Your bum must be bruised from all that riding on Microsoft as a Google company.
There is nothing on FNF’s website that indicates any data breach or problem, and AlphV has posted no proof of claims, but FNF shut down many of their online services and filed a report with the Securities and Exchange Commission (SEC) that confirms they were aware of access to certain systems and were investigating:
Fidelity National Financial, Inc. (“FNF” or the “Company”) recently became aware of a cybersecurity incident that impacted certain FNF systems. FNF promptly commenced an investigation, retained leading experts to assist the Company, notified law enforcement authorities, and implemented certain measures to assess and contain the incident. Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business. For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures. Our majority-owned subsidiary, F&G Annuities & Life, a leading provider of insurance solutions, was not impacted by the incident.Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials. The investigation remains ongoing at this time.FNF will continue to assess the impact of the incident and whether the incident may have a material impact on the Company.We are working diligently to address the incident and to restore normal operations as quickly and safely as possible.
Commenting on the situation, Kevin Beaumont wrote that the ransomware incident is causing problems across the US housing market because FNF owns “a ton of downstream companies, eg Chicago Title, and they’re also offline.” Beaumont points to Dataconomy for a report on the impact the incident has already had this week:
Real Estate News highlighted the immediate consequences of the Fidelity National Financial data breach breach, revealing that numerous real estate closings were abruptly halted. This disruption left agents and homebuyers in a state of urgency, seeking alternative ways to finalize their transactions, which were reportedly not expected to resume until Sunday.
San Francisco broker Kate Fomina of Crypton Realty conveyed to Real Estate News the challenges her clients are facing due to this delay. They were expecting to close on Wednesday, but Fomina received a call from the escrow company, Chicago Title. “They told me there was a security breach and because of that they have to shut down the whole system, all over the country,” she explained. “The closing system is down at least until Sunday. They can’t send any wires, can’t release for recording.”