Fortune 500 firm Fidelity National Financial (FNF) has suffered a cyberattack that forced it to take many of its services offline – and while the company did not specifically state the incident was a ransomware attack, the way it responded to the incident suggests it just might be.
The news, picked up by TechCrunch, is based on a report filed with the U.S. Securities and Exchange Commission (SEC) which states FNF discovered a security incident that “impacted certain FNF systems”. The company responded by notifying the police, investigating the matter, bringing in “leading experts”, and implementing “certain measures” of containment.
Some of the measures include blocking access to different parts of the system, which resulted in business disruptions, FNF explained. “For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures,” it says. “Our majority-owned subsidiary, F&G Annuities & Life, a leading provider of insurance solutions, was not impacted by the incident.”
Stealing credentials
FNF’s investigation has determined that an unnamed threat actor accessed some of its endpoints and “acquired certain credentials.” Fidelity National Financial is a Fortune 500 company providing title insurance and settlement services for the real estate and mortgage industry.
TechCrunch’s report says agents and homebuyers were “scrambling for solutions” following the shutdown of FNF’s services, especially because the services needed to complete transactions are expected to be offline until Sunday. The publication was also told that it was the servers in Jacksonville that were compromised in the attack.
We still don’t know who breached FNF, if this was indeed a ransomware or a malware attack or what their demands are. We also don’t know what type of data was taken in the attack, as FNF is currently not responding to media inquiries.