In November 2023, Fidelity National Information Services experienced a data breach that impacted customers at several large banks. The incident occurred due to a vulnerability in a file transfer program used by the company, compromising sensitive consumer information.

How many accounts were compromised?

The breach impacted data related to approximately 8.5 million individuals.

What data was leaked?

The data exposed in the breach included credit card numbers, expiration dates, cardholder names, billing addresses, and CVV codes.

How was Fidelity National Information Services hacked?

An employee sold customer information to the ALPHV (or BlackCat) ransomware gang, who then deployed malware on Fidelity National Financial's systems and exfiltrated the data. The breach occurred due to a vulnerability in the MOVEit file transfer program used by FIS Global, compromising sensitive consumer information. The hackers used their dark web leak site to extort victims into paying for the removal and deletion of the stolen data.

Fidelity National Information Services's solution

In response to the hack, Fidelity National Information Services took action to enhance its security measures and prevent future incidents. The company suspended its use of the MOVEit file transfer program until all available patches were installed to eliminate the vulnerability. Fidelity National Financial notified law enforcement and government agencies of the attack and hired third-party cybersecurity experts to investigate. Affected customers were offered two years of identity protection services from Kroll as a form of support and assistance during the incident.

How do I know if I was affected?

Fidelity National Information Services has notified customers believed to be affected by the breach. If you're a customer of Fidelity National Information Services and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

1. Change Your Password: Immediately update your password for any account that may have been compromised. Make sure the new password is strong and unique, not previously used on any other platform.

2. Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

3. Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

4. Monitor Your Accounts: Keep an eye on your financial and personal accounts for any suspicious activity. Report any unauthorized transactions or changes to the appropriate institutions immediately.

For more specific help and instructions related to Fidelity National Information Services's data breach, please contact FIS Support by filling out the provided contact form.

Where can I go to learn more?

For more information on the Fidelity National Information Services data breach, check out the following news articles:

• Data Breach at Fidelity National Information Services Impacts Customers at Several Large Banks

• Fidelity National Financial says hackers stole data on 1.3 million customers

• Fidelity National Financial subsidiary says 1.3 million affected by November cyberattack