Fidelity National Financial’s Ransomware ‘disaster’ has panicked home owners and buyers

On Tuesday, Fidelity National Financial, or FNF, is a real estate services company that bills themselves as the “leading provider of title insurance and escrow services, and the largest title insurance company in North America,” announced that it had experienced a cyberattack.

Since then, home owners with mortgages and prospective buyers who purchase properties with FNF or one of the many subsidiaries left confused and worried, not knowing what was happening or what to do.

“I feel like I’m running. I don’t know where my money is,” said one woman, who told TechCrunch she sold a house in Illinois for $397,000 with IPX 1031, a broker owned by FNF.

The woman, who asked to remain anonymous, said she tried to call IPX 1031 but was unable to speak to anyone there.

When TechCrunch called a number for an employee on IPX 1031 that the woman called, a voicemail said “Fidelity National Financial is still experiencing a system outage. We do not have access to the delivery or receiving email or accessing any system. We appreciate your patience.”

FNF has not responded to TechCrunch’s emails since last week.

A call last Monday to the FNF receptionist at its corporate office was met with an automated message saying the receptionist was busy. Calls to the same number on Wednesday returned the same automated message.

Contact Us

Do you have more information about this data breach? We love hearing from you. From a non-work device, contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email You can also contact TechCrunch through SecureDrop.

The FNF website was down at the time of publication.

To date, the FNF has said little publicly about the incident. In a regulatory filing with the US Securities and Exchange Commission in which it announced the breach, FNF said: “We have blocked access to some of our systems, resulting in disruptions to our business. For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology in the real estate and mortgage industries, are affected by these measures.”

Christine Youmans, who said she used LoanCare to pay off her debt, said she didn’t know what to do. LoanCare, owned by FNF, offers “full-service subservicing to the mortgage industry, according to its website.

“Everything is closed and nobody can pay the loan and you can’t get it on the phone,” Youmans told TechCrunch.

A call to a number on the LoanCare website was answered with an automated message that said: “For those of you affected by the recent disaster, we hope you and your family are safe. We are here to help you and your family back to normal.”

Shortly after the cyberattack, the ransomware gang known as ALPHV (or BlackCat) claimed responsibility for the FNF cyberattack in a message posted on the gang’s official dark web site.

Leave a comment