Big Four title firm Fidelity National Financial and its subsidiary mortgage subservicer Loancare are facing a class action lawsuit alleging that they were negligent with customer data and that they breached their contract, after the firm was the victim of a cyber security attack in late-November.
The suit was filed last Tuesday by Teneika Tillis, a Loancare servicing client, in U.S. District Court for Central California. The complaint states that Tillis filed the suit “upon information and belief” that her personal identifiable information had been comprised in the attack.
“The data breach itself and information defendants have disclosed about the breach to date, including its length, the need to remediate defendants’ cybersecurity and the sensitive nature of the impacted data, collectively demonstrate defendants failed to implement reasonable measures,” the complaint states.
In addition, Tillis claims as a result of the data breach the plaintiff class has been “required to continue to undertake time-consuming and oten costly efforts to mitigate the actual and potential harm.”
The complaint also maintains that Loancare should have notified consumers of inadequate securitymeasures after it reported a data breach around August 2022. “Defendants thus failed to take reasonable measures to secure its system,” the lawsuit said.
Roughly a week after initially reporting the attack, Fidelity said the incident was contained, however the firm has yet to disclose the type of personal information that may have been acquired by the cyber criminals or the number of clients impacted by the incident.
Shortly after the incident, ransomware gang AlphV/BlackCatclaimed responsibility.
In an online post last week, AlphV/BlackCat blamed Fidelity for allegedly hiring incident responders from Google’s Mandiant unit and threatened to disclose information on data it collected.
Tillis is demanding a jury trial and a damages amount that is “equitable relief with pre-judgment and post-judgment interest” to the plaintiff and members of the class.
Mr.Cooper, which became the victim of a cyber security attack in late October, is currently facing four class action suits as a result of the attack.
Related
FAQs
In most cases, companies reacted quickly, by taking the cyber attack under control. Further on, it took the organizations 33 days on average to complete the forensic investigation of the attacks. The longest the companies needed, was the time to notify about the cyber incident, which took 60 days on average.
Did Fidelity pay ransom? ›
The ransomware gang removed FNF from the list the same day, suggesting that the mortgage services provider paid a ransom. By September 2023, BlackCat had compromised over 1,000 organizations globally, three-quarters based in the United States.
Does Fidelity protect against hackers? ›
With our Customer Protection Guarantee, we reimburse you for losses from unauthorized activity in your accounts. We also participate in asset protection programs such as FDIC and SIPC to help provide the best service possible. See our protection guarantee and account coverage.
Has there been a data breach at Fidelity? ›
Fidelity Investments has disclosed a data breach that impacted more than 28,000 customers.
How long does it take to investigate a cyber attack? ›
The IBM Cost of a Data Breach Report 2023, which examined 553 organizations in 16 countries, went into more detail about the length of time to detect and contain an attack. In attacks that were disclosed by the attacker, the mean time to identify and contain an attack took 320 days.
How much money does it take to recover from a cyber attack? ›
Cyberattack Costs on the Rise
The financial impacts of a cyberattack have been rising in recent years.In 2023, the average cost of a data breach totaled $9.48 million, up from $9.44 million in 2022. The global average stands at $4.45 million, which shows a 15.3% increase over three years.
Can I get my money from Fidelity? ›
You can withdraw money from your Fidelity brokerage account and: Transfer it to another account you own using the Fidelity Electronic Funds Transfer account service, or. Have the money sent to your mailing address via check.
What happens if Fidelity goes bust? ›
The Securities Investor Protection Corporation (SIPC) is a nonprofit organization that protects stocks, bonds, and other securities in case a brokerage firm goes bankrupt and assets are missing. The SIPC will cover up to $500,000 in securities, including a $250,000 limit for cash held in a brokerage account.
Is money in Fidelity protected? ›
All Fidelity brokerage accounts are covered by SIPC. This includes money market funds held in a brokerage account since they are considered securities. Learn more about SIPC coverage at http://www.sipc.org.
What happens if Fidelity gets hacked? ›
Fidelity will determine the type and amount of reimbursem*nt, including whether to replace the securities in your account that were taken, and may seek restitution for reimbursem*nts made under this guarantee from the person(s) or entity that committed the unauthorized activity.
While Fidelity is privately held and doesn't release financial statements, it's widely regarded as financially solid and stable, with $8 billion of operating income in 2022.
How trusted is Fidelity? ›
Is Fidelity a safe company to invest with? Yes, Fidelity is one of the safest brokerages to invest with. It's an industry leader with a stellar reputation and fully regulated in the U.S. with the SEC and FINRA, is trusted by over 43 million people and holds over $11.5 trillion in assets under administration.
Can I sue a company if my data is breached? ›
To address any harm you endured, the law gives you the right to seek financial compensation following a data breach. You can and should seek legal recourse from a company that exposed your data, and you can file a lawsuit to obtain payment for your losses.
Are my stocks safe at Fidelity? ›
Because Fidelity is privately owned, it is able to make decisions based on long-term benefits — not short-term gains — for the clients it serves. Fidelity's financial stability, its compliance with industry regulations, and its insurance protection all serve to help safeguard your investments.
Is Fidelity no longer FDIC insured? ›
Fidelity is not a bank and brokerage accounts are not FDIC-insured, but uninvested cash balances are eligible for FDIC insurance. Balances above $5 million may be placed in a non-FDIC insured money market fund, which earns a different rate. See details in Learn more section below.
How long does it take to recover from a cyber security attack? ›
A cyber attack can last from a few days to several months, with the average recovery time after a ransomware attack being around 22 days, but it can vary depending on factors such as encryption type and forensic investigation.
What is the average downtime for a cyber attack? ›
Length of impact after a ransomware attack U.S. Q1 2020- Q2 2022. As of the second quarter of 2022, the average length of interruption after ransomware attacks at businesses and organizations in the United States was 24 days. This was less than the downtime duration in previous quarter, 26 days.
How long does it take to finish cyber? ›
Typically, it takes 4 years to get a Bachelor's Degree in Cybersecurity if you don't have any qualifying transfer credits. CSU Global makes it easy to graduate sooner by utilizing transfer credits, and we're dedicated to accepting as many of your transfer credits as possible.
What is the downtime after a cyber attack? ›
For cybersecurity analysts, downtime includes time spent assessing the cause of a breach, containing the breach and recovering from its effects. According to incident management software company Blameless, responding to a single incident, even a minor one, may take up to eight hours.
