Fidelity National faces eight class action suits after cyberattack

Eight legal actions have been lodged against Fidelity National Financial and its subsidiary LoanCare after both parties were impacted by a cyberattack in November.

The majority of the suits, which are seeking class action status, accuse the companies of failing to protect personal identifiable information of customers. Over 1.3 million customers had their data and Social Security numbers exposed in the event, a filing with the Maine attorney general's office shows.

One of the most recent suits, filed on Jan. 9 in a federal court in Florida, claims the defendants were "reckless" in maintaining the private information of customers.

The case filed by Ryan Turizo, a customer of LoanCare, alleges the defendants "owed [him] and class members a duty to take all reasonable and necessary measures to keep the PII they collected safe…yet breached their duty by failing to implement or maintain adequate security practice."

Fidelity National did not immediately respond to a request for comment.

The suit also points out discrepancies in how long it took for Fidelity's subsidiary to inform customers of the breach.

Though Fidelity disclosed on Nov. 19 that an incident took place, LoanCare customers were "not notified until around December 22, 2023, and LoanCare's first public disclosure on December 20, 2023, states it only discovered the data breach on December 13, 2023," the suit said.

The cyber event, which notorious ransomware group Alphv/Blackcat claimed responsibility for, impacted Fidelity's title insurance and escrow services, mortgage transaction services and technology to the real estate and mortgage industries. Meanwhile, LoanCare's consumer names, addresses, Social Security numbers and loan numbers were accessed.

Turizo in his suit accuses both companies of negligence, common law invasion of privacy and of violating the Florida Deceptive and Unfair Trade Practices Act.

Another class action suit filed in Florida on Jan. 8 by Christi Horan is seeking monetary damages for home sellers who were impacted by the data breach.

Per the suit, Horan's closing date to sell her property was Nov.29, but the transaction could not go through because Fidelity's systems were frozen. The home sale closed more than a week later, on Dec. 5.

This delay caused "Horan to suffer economic harm in that she was required to pay additional taxes, interest, common area maintenance expenses, and other charges associated with her ownership of the Horan Residence," the suit said.

In reaction to the hack, Fidelity and its subsidiary have moved to rectify the situation by offering 24 months of identity theft protection services to recipients of its letter through Kroll Monitoring. Among the resources included in the package is credit and web monitoring, identity-theft restoration services, as well as consultation and up to $1 million reimbursement for damages resulting from any ID fraud loss.

A flurry of cybersecurity breaches have hit lenders, services and title insurers in recent months. Apart from Fidelity, Loandepot, Mr.Cooper and First American Financial Corporation have also fallen victim to attacks.