In April 2014, Fidelity National Financial, Inc. (FNF) fell victim to a **targeted phishing attack** that lasted from **April 14 to April 16**, leading to a **data breach** reported by the California Office of the Attorney General on **October 24, 2014**. The incident exposed **highly sensitive personal information**, including **Social Security numbers, bank account details, and driver’s license numbers** of affected individuals. While the breach occurred due to a malicious phishing campaign, **no evidence of unauthorized access or misuse of the exposed data was found** at the time of reporting. The attack highlighted vulnerabilities in FNF’s cybersecurity defenses, particularly against **social engineering tactics**, which allowed threat actors to potentially compromise confidential financial and identity-related records. Despite the lack of confirmed exploitation, the exposure of such critical data posed significant risks, including **identity theft, financial fraud, and reputational harm** to both the company and the impacted individuals.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-47112
TPRM report: https://www.rankiteo.com/company/fidelity-national-financial
"id": "fid959091725",
"linkid": "fidelity-national-financial",
"type": "Breach",
"date": "4/2014",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'location': 'United States (California)',
'name': 'Fidelity National Financial, Inc. (FNF)',
'type': 'Corporation'}],
'attack_vector': 'Phishing',
'data_breach': {'data_exfiltration': 'Potential (no evidence confirmed)',
'personally_identifiable_information': ['Social Security '
'numbers',
"driver's license "
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2014-04-16',
'date_publicly_disclosed': '2014-10-24',
'description': 'On October 24, 2014, the California Office of the Attorney '
'General reported a data breach involving Fidelity National '
'Financial, Inc. (FNF) that occurred from April 14 to April '
'16, 2014, due to a targeted phishing attack. The incident may '
'have exposed personal information for individuals, including '
"Social Security numbers, bank account numbers, and driver's "
'license numbers, although no evidence of unauthorized access '
'was found.',
'impact': {'data_compromised': ['Social Security numbers',
'bank account numbers',
"driver's license numbers"],
'identity_theft_risk': 'Potential (no evidence of unauthorized '
'access)',
'payment_information_risk': 'Potential (bank account numbers '
'exposed)'},
'initial_access_broker': {'entry_point': 'Phishing attack'},
'investigation_status': 'Completed (no evidence of unauthorized access found)',
'post_incident_analysis': {'root_causes': 'Successful phishing attack leading '
'to potential data exposure'},
'references': [{'date_accessed': '2014-10-24',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Fidelity National Financial, Inc. (FNF) Phishing Attack and Data '
'Breach (2014)',
'type': 'Data Breach'}