Hackers obtained Social Security numbers in Fidelity cyberattack

Following a pre-Thanksgiving cyberattack at parent company Fidelity National, mortgage subservicer Loancare disclosed the degree of data compromise that has occurred from the incident thus far.

In a filing with the Maine attorney general's office last week, Loancare revealed personal identifiable information, including Social Security numbers, of 1,316,938 customers were exposed in the event, which occurred on Nov. 19. 

In correspondence being sent to affected clients, the Virginia Beach, Virginia-based company said it "determined that an unauthorized third party exfiltrated data from certain FNF systems," while noting it had not seen any fraudulent use of customer information thus far.

"Based on our investigation, we understand that your Name, Address, Social Security Number, and Loan Number may have been obtained by the unauthorized third party," the letter added. 

As part of requirements to protect potential victims, Loancare is offering 24 months of identity theft protection services to recipients of its letter through Kroll Monitoring. Among the resources included in the package is credit and web monitoring, identity-theft restoration services, as well as consultation and up to $1 million reimbursement for damages resulting from any ID fraud loss.

While Fidelity National attempts to address the fallout, neither it nor any of its subsidiaries have identified the perpetrators of the attack, although the notorious ransomware group Alphv/Blackcat claimed responsibility. 

The Maine filing came just days after both Loancare and Fidelity National were named as defendants in a potential California class action resulting from the hack. The November data breach left Loancare and FNF customers without online access to their accounts for several days. 

And in an unwelcome recurrence to end the year, First American also presently finds itself in the throes of a probable cyberattack. Upon initial discovery on Dec. 20 of what it described as a "cybersecurity incident," the title insurance and settlement services provider shut down access to its website, including customer account portals and its email system. In a filing with the Securities and Exchange Commission on Friday, the company said, "During the disruption, the Company's primary website may be inaccessible or inoperative," noting it could not estimate the duration or extent of the impact.

As of midday Tuesday, First American's website was still offline with updates provided through an affiliated link, firstamupdate.com. The latest hack occurs just weeks after the company paid a $1 million penalty to New York State following a months-long data breach in 2019. 

The current event caught the attention of Fitch Ratings, who said it was monitoring the situation. The agency, though, affirmed its ratings of First American's title insurance subsidiaries despite ongoing difficulties, citing its role as the second largest residential title insurer in the U.S. as well as a leader in the commercial market.

"However, the ratings could be impacted the longer business operations remain constrained, if the investigation shows weak corporate governance or risk management, or material adverse information is disclosed," Fitch added. 

The situation at First American is the third major cybersecurity incident to hit mortgage and title industries in as many months. In October, cyber criminals infiltrated systems at servicer Mr. Cooper, who recently revealed almost 15 million borrowers had their Social Security numbers and other personal data compromised. At least 13 class action lawsuits have been filed against Mr. Cooper as a result.