14 DAY TRIAL // Several employees of Fidelity National Financial (FNF), a provider of commercial and residential mortgage services, have fallen victims to spear-phishing attacks that led to compromising the credentials for their business email accounts.
FNF, which currently takes position 316 in Fortune’s top 500, is the parent company of Ticor Title Company of Oregon, Ticor Title of Nevada, Inc., Lawyers Title Company, and Lawyers Title of Oregon, LLC, which provide title insurance and real estate settlement services in Oregon, Nevada, and/or California.
Attackers logged several times in two days
It appears that the targeted attack occurred in April 2014, and multiple employees lost their credentials, offering the attackers the possibility to access restricted customer information.
There is no information on the number of employees tricked to provide their username and password on the fake log-in page, or if the bad actors behind the incident have been identified.
However, in a letter to the affected customers, dated September 23 and published by the California Office of the Attorney General on Friday, the company says that the attackers “logged into a subset of those accounts intermittently from April 14 through April 16, 2014.”
No evidence has been found that the FNF internet systems have been accessed without authorization, but there is the possibility that personally identifiable information may have been gleaned by the intruders.
This includes social security number, bank account number, credit/debit card number and driver's license number.
Risk for customers assessed as being low
A third-party security expert was contracted to conduct the investigation and determine the scope of the attack. According to the investigators, the main purpose of the incident appears to be the collection of details about ongoing business transactions that would allow redirection of scheduled money transfers.
As such, the purpose does not seem to be amassing vast amounts of financial information that could then be sold on carding forums. FNF believes that the risk associated with this security breach is low.
The number of individuals whose information was exposed is not provided in the letter, but it should be in excess of 500 in California alone. According to California law, the attorney general has to receive a copy of the breach notice when this many residents of the state have been affected.
To mitigate the risk of identity theft, FNF provides 12 months of free membership for AllClear ID to the affected customers, says Paul I. Perez, Chief Compliance Officer at Fidelity National Financial; they have to activate the service themselves at any time after receiving the letter.