Fidelity National Financial (FNF), one of the largest title insurance providers in the United States, announced on November 21 that it fell victim to a sophisticated cyberattack. The incident caused widespread disruptions to FNF's operations, affecting title insurance, escrow, and other title-related services, as well as mortgage transactions and technology for the real estate and mortgage industries.
The company was forced to shut down its systems for several days, resulting in delays and cancellations of real estate closings, as well as financial losses for both FNF and its customers.
"Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business," the company said in a Nov. 19 report filed with the U.S. Securities and Exchange Commission. "Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials. The investigation remains ongoing at this time."
The cyberattack on FNF highlights the growing vulnerability of the real estate industry to cyber threats. The industry's reliance on outdated technology and its handling of sensitive customer data make it an attractive target for cybercriminals. Moreover, the interconnected nature of the real estate ecosystem means that a cyberattack on one company can quickly ripple through the entire industry.
The ransomware group BlackCat has claimed responsibility for the attack. The group is linked to the Colonial Pipeline hack that caused gas prices to spike in 2021 and the hack of MGM Resorts earlier this year. According to the Federal Bureau of Investigation, the ransomware group, which is also referred to as ALPHV, had compromised more than 60 entities in early 2022.
Some FNF subsidiaries reportedly did not have access to send or receive email or access to any system and asked customers to stay patient.
As of December 4, FNF had not acknowledged the breach on its Press Room page. In an SEC filing on Nov. 29, FNF reported that the company formally contained the incident on Nov. 26 and that it took measures to block access to the systems that disrupted its operations.
"FNF's claim of having 'contained' the attack by Nov. 26 implies that they were able to halt the spread of the ransomware and begin restoration processes," said Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start. "Containment is a critical step in incident response, but it's just the beginning of a longer recovery process that often involves data recovery, system repairs, and strengthening cybersecurity measures. The disappearance of FNF's listing from the ransomware group's website could imply that a ransom was paid, although this is not confirmed."
Implications of the FNF cyber incident
The FNF cyberattack has several implications for the real estate industry:
-
Increased risk of financial losses: Cyberattacks can cause significant financial losses for real estate companies, both in terms of direct costs such as data recovery and lost business opportunities, as well as indirect costs such as reputational damage and customer churn.
-
Disruptions to real estate transactions: Cyberattacks can disrupt real estate transactions, causing delays, cancellations, and title insurance claims. This can lead to frustration and inconvenience for buyers, sellers, and lenders.
-
Erosion of consumer trust: Cyberattacks can erode consumer trust in the real estate industry. If consumers believe that their personal and financial information is not secure, they may be hesitant to engage in real estate transactions.
Recommendations for the real estate industry
In light of the FNF cyberattack, the real estate industry must take steps to strengthen its cybersecurity posture. Here are some recommendations:
-
Invest in cybersecurity infrastructure: Real estate companies should invest in robust cybersecurity infrastructure, including firewalls, intrusion detection systems, and data encryption.
-
Educate employees on cybersecurity: Real estate companies should educate their end-users about cybersecurity threats and best practices. This includes training employees on how to identify and avoid phishing scams and how to create strong passwords.
-
Adopt a Zero-Trust approach: Real estate companies should adopt a Zero-Trust approach to cybersecurity, which assumes that no user or device is trusted by default. This approach requires continuous verification of user identities and access privileges.
-
Develop a cybersecurity incident response plan: Real estate companies should develop a comprehensive cybersecurity incident response plan that outlines the steps to be taken in the event of a cyberattack.