Fidelity National Financial, or FNF, one of the largest real estate services companies in the United States, said it has “contained” a recent cyber attack that plunged many of its subsidiaries and clients into chaos for more than a week.
On deposit with the US Securities and Exchange Commission, FNF said the incident was now under control as of November 26. “The Company is restoring normal business operations and coordinating with its customers,” the filing said.
On November 21, FNF revealed that it had fallen victim to a “cybersecurity incident”. This effectively froze all operations of the company and its subsidiaries, leaving people buying and selling homes or paying mortgages, confused and unsure of what was going to happen to their properties and money.
Contact us
Do you have more information about this data breach? We would love to hear from you. From a non-working device, contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or email at lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.
An FNF subsidiary called the incident a “disaster” in an automated message sent to anyone calling its customer support number. Last week, a voicemail for a person who works at an FNF affiliate said, “Fidelity National Financial is still experiencing a system-wide outage. We do not have access to send or receive email or access any system. We appreciate your patience.”
TechCrunch spoke to several affected people, who said they couldn’t get anyone from FNF or its affiliates on the phone to understand what was going on or get answers.
Earlier this week, a person who uses Lakeview, a company “underserved by LoanCare,” which is an FNF company, told TechCrunch that he was unable to access his account, and neither were people at Lakeview who he spoke to. on the phone. On Thursday, the person shared a screenshot of an email he received from Lakeview that said his account was now “up and running.”
Another LoanCare customer shared the same email in a Facebook group for people affected by the breach. Several others in the group said they had received the same email.
At this point, it is unclear what the FNF did to contain the incident.
Shortly after FNF announced the incident, the ransomware group calling itself ALPHV (aka BlackCat) listed FNF on its dark webeffectively claiming responsibility for the cyberattack and pressuring FNF to pay a ransom to restore operations.
The ransomware gang removed the FNF listing from its leaked website the same day FNF posted its file, saying it contained the incident. Sometimes when listings disappear from a ransomware gang’s websites, it means the victim may have paid the ransom.
FNF did not respond to a request for comment asking the company if it disputed the ransom payment.