Fidelity National Financial (FNF), a leading insurance entity in the Fortune 500, disclosed a cybersecurity incident in an 8-K filing with the Securities and Exchange Commission (SEC). The breach prompted the shutdown of multiple systems, impacting key services such as title insurance, escrow, mortgage transaction services, and technology for the real estate and mortgage sectors.
The company, boasting over $11 billion in revenue in 2022 and a prominent position as a title insurance underwriter and transaction service provider, acknowledged that an intruder accessed certain systems and acquired credentials. However, the full extent and potential material impact of the incident remain under evaluation.
While investigations are ongoing, FNF is diligently working to restore normal operations. The incident’s effect on trade remains undisclosed as of now. Despite attempts to reach out for additional comments, responses from FNF and incident response specialist Mandiant have not been received.
The filing, dated November 19 and made public within the SEC’s reporting timeframe, suggests the company became aware of the breach over the preceding weekend. Notably, the cybersecurity group ALPHV/BlackCat claimed responsibility for the attack on November 22 but provided limited details regarding the accessed information.
ALPHV/BlackCat hinted at withholding disclosed data, granting FNF more time to engage before revealing further details. The impact of this incident has affected some companies and home buyers, delaying purchase closures in the US real estate market.
Security experts speculate the breach might have exploited a critical vulnerability, “CitrixBleed,” affecting Citrix Netscaler devices. Despite FNF reportedly patching their systems two weeks post-vulnerability disclosure, concerns arise as the exploit has been used extensively by ransomware groups, including LockBit.
Researcher Kevin Beaumont indicated that numerous organizations, including notable entities like Boeing, have fallen victim to this vulnerability. Despite a bulletin from the US Cybersecurity and Infrastructure Security Agency (CISA) warning about the widespread exploitation of CitrixBleed, thousands of organizations reportedly remained exposed as of November 13.
