Fidelity’s Cyber Breach Becomes Loancare’s Mortgage Meltdown
Loancare, a mortgage subservicing company, recently announced a significant data breach affecting approximately 1.3 million individuals.
This incident stems from a cybersecurity attack on parent company Fidelity National Financial, Inc. (FNF), a prominent title insurance provider, discovered in November of 2023. You can read the details of their cyberattack in a SEC filing.
The Breach
The breach involved unauthorized access to FNF’s computer systems, resulting in the potential theft of sensitive personal identifiable information belonging to Loancare customers.
“On or about November 19, 2023, Loancare, LLC (“Loancare”), which performs or has performed loan subservicing functions for your mortgage loan servicer, became aware of unauthorized access to certain systems within its parent’s, Fidelity National Financial, Inc. (“FNF”), information technology network.”
The compromised data includes:
Full names
Physical addresses
Social Security Numbers (SSN)
Loan numbers
This kind of information is sensitive and could be used for targeted phishing, social engineering, and scamming attacks.
Reactive Measures
Loancare began notifying individuals potentially impacted by the breach and advised them to remain vigilant against unsolicited communications. Additionally, Loancare is offering a two-year identity monitoring service through Kroll to help mitigate the risks for those affected by the breach.
Ransomware Repercussions
The breach had far-reaching implications, leading to a week-long outage at FNF and causing confusion and disruption for people involved in real estate transactions, including buying and selling homes and paying mortgages. The ransomware group known as ALPHV or BlackCat reportedly claimed responsibility for the attack.
Fidelity and Loancare are currently facing a class action lawsuit. The lawsuit alleges they were negligent with customer data as well as breached their contracts.
The Escalating Cybersecurity Law Requirements
The recent amendments to the DFS Cybersecurity Regulation, FTC Safeguards Rule, and SEC Data Breach Laws all underscore a growing recognition of cybersecurity’s critical role in protecting sensitive information in the digital era. These changes signal a shift towards more stringent enforcement and higher standards for data protection across the board.
Why Mortgage Company Owners Should Take Note
Data Security is Paramount:
The breach demonstrates the vulnerability of mortgage firms to cyber threats and the crucial need for stringent data security measures.
Legal and Compliance Risks:
The incident led to a class action lawsuit against FNF and Loancare, underscoring the legal repercussions that can arise from cybersecurity failures.
Reputational Damage:
A data breach can significantly tarnish a company's reputation, affecting customer trust and business continuity.
The Ripple Effect:
The disruption caused by the breach extended beyond FNF and Loancare, affecting the wider real estate and mortgage industries.
This Breach comes just days after First American Title Insurance was hit by a second cybersecurity breach and Mortgage giant Mr. Cooper was hit by a severe cyber attack and is also facing four class action lawsuits.
Stop waiting until your firm is hit with a cyberattack. Take the proactive first step towards verifying your compliance with NYDFS with a FREE Complete Technology Assessment and Compliance Review: Click here to Schedule.
Walter Contreras
Walter Contreras has over 25 years of experience in information technology, including cybersecurity, with a focus on the Insurance Industry. As both a computer scientist and a graduate of the Columbia University Business School’s Executive MBA program, Walter understands how the world’s digital transformation is impacting small and medium businesses. His mission is to deploy information technology to protect and empower entrepreneurs.
