The breach involved unauthorized access to FNF's computer systems

Claim Your FREE Cybersecurity Risk Assessment for peace of mind before leaving the office.

Fidelity’s Cyber Breach Becomes Loancare’s Mortgage Meltdown

Loancare, a mortgage subservicing company, recently announced a significant data breach affecting approximately 1.3 million individuals.  

This incident stems from a cybersecurity attack on parent company Fidelity National Financial, Inc. (FNF), a prominent title insurance provider, discovered in November of 2023. You can read the details of their cyberattack in a SEC filing. 

The Breach 

The breach involved unauthorized access to FNF’s computer systems, resulting in the potential theft of sensitive personal identifiable information belonging to Loancare customers.  

“On or about November 19, 2023, Loancare, LLC (“Loancare”), which performs or has performed loan subservicing functions for your mortgage loan servicer, became aware of unauthorized access to certain systems within its parent’s, Fidelity National Financial, Inc. (“FNF”), information technology network.” 

The compromised data includes:

Full names

Physical addresses

Social Security Numbers (SSN)

Loan numbers

This kind of information is sensitive and could be used for targeted phishing, social engineering, and scamming attacks. 

Reactive Measures 

Loancare began notifying individuals potentially impacted by the breach and advised them to remain vigilant against unsolicited communications. Additionally, Loancare is offering a two-year identity monitoring service through Kroll to help mitigate the risks for those affected by the breach. 

Ransomware Repercussions  

The breach had far-reaching implications, leading to a week-long outage at FNF and causing confusion and disruption for people involved in real estate transactions, including buying and selling homes and paying mortgages. The ransomware group known as ALPHV or BlackCat reportedly claimed responsibility for the attack. 

Fidelity and Loancare are currently facing a class action lawsuit. The lawsuit alleges they were negligent with customer data as well as breached their contracts.  

The Escalating Cybersecurity Law Requirements 

The recent amendments to the DFS Cybersecurity Regulation, FTC Safeguards Rule, and SEC Data Breach Laws all underscore a growing recognition of cybersecurity’s critical role in protecting sensitive information in the digital era. These changes signal a shift towards more stringent enforcement and higher standards for data protection across the board. 

Why Mortgage Company Owners Should Take Note 

Data Security is Paramount:

The breach demonstrates the vulnerability of mortgage firms to cyber threats and the crucial need for stringent data security measures.

Legal and Compliance Risks:

The incident led to a class action lawsuit against FNF and Loancare, underscoring the legal repercussions that can arise from cybersecurity failures.

Reputational Damage:

A data breach can significantly tarnish a company's reputation, affecting customer trust and business continuity.

The Ripple Effect:

The disruption caused by the breach extended beyond FNF and Loancare, affecting the wider real estate and mortgage industries.

This Breach comes just days after First American Title Insurance was hit by a second cybersecurity breach and Mortgage giant Mr. Cooper was hit by a severe cyber attack and is also facing four class action lawsuits.  

Stop waiting until your firm is hit with a cyberattack. Take the proactive first step towards verifying your compliance with NYDFS with a FREE Complete Technology Assessment and Compliance Review: Click here to Schedule.