Fortune 500 insurance and mortgage firm FNF shuts down network following cyberattack

real estate agent showing clients around a house
(Image credit: Getty)

Fortune 500 firm Fidelity National Financial (FNF) has suffered a cyberattack that forced it to take many of its services offline - and while the company did not specifically state the incident was a ransomware attack, the way it responded to the incident suggests it just might be.

The news, picked up by TechCrunch, is based on a report filed with the U.S. Securities and Exchange Commission (SEC) which states FNF discovered a security incident that “impacted certain FNF systems”. The company responded by notifying the police, investigating the matter, bringing in “leading experts”, and implementing “certain measures” of containment.

Some of the measures include blocking access to different parts of the system, which resulted in business disruptions, FNF explained. “For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures,” it says. “Our majority-owned subsidiary, F&G Annuities & Life, a leading provider of insurance solutions, was not impacted by the incident.”


Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Stealing credentials

FNF’s investigation has determined that an unnamed threat actor accessed some of its endpoints and “acquired certain credentials.” Fidelity National Financial is a Fortune 500 company providing title insurance and settlement services for the real estate and mortgage industry.

TechCrunch’s report says agents and homebuyers were “scrambling for solutions” following the shutdown of FNF’s services, especially because the services needed to complete transactions are expected to be offline until Sunday. The publication was also told that it was the servers in Jacksonville that were compromised in the attack. 

We still don’t know who breached FNF, if this was indeed a ransomware or a malware attack or what their demands are. We also don’t know what type of data was taken in the attack, as FNF is currently not responding to media inquiries.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.