First American Security Incident

Quandis is issuing an update on a security incident that impacted a Quandis business partner, First American. We want to assure our valued customers that the incident is isolated and has no effect on any of our products, except for Title Direct customers routing title orders to First American Title.

On December 21, we were made aware of a security incident involving one of our business partners (First American). Our immediate response was to assess the extent of the incident and its potential impact on our products and, more importantly, our customers’ data.

After a comprehensive analysis, we can confirm that the security incident is limited in scope and has no impact outside of our Title Direct product. No products or services offered by Quandis have been compromised. We want to emphasize that the security and privacy of our customers’ data are of utmost importance to us, and we have taken swift and decisive action to address this matter.

To our Title Direct users, we are working with First American to determine the scope of the incident, and whether any title orders were impacted. We understand the concern this may raise, and we want to assure you that we are taking all necessary steps to mitigate the impact of the incident on your title orders. Our team is working diligently to route title orders to alternate vendors, until the First American security incident is resolved. In the meantime, we are providing our Title Direct customers the option to re-route title orders to alternate providers until First American is back online.

For customers utilizing our other products, please rest assured that your data remains secure and unaffected by this incident. We have implemented rigorous security protocols across our entire product suite to safeguard your information.

Apache Struts Vulnerability – Quandis not Impacted

Quandis does not use Apache or Struts, and is not affected by the vulnerability announced in CVE-2023-50164 .

Fidelity National Financial Security Incident

Quandis is issuing an update on a security incident that impacted a Quandis business partner, Fidelity National Financial (FNF). We want to assure our valued customers that the incident is isolated and has no effect on any of our products, except for Title Direct customers routing title orders to ServiceLink.

On November 28, we were made aware of a security incident involving one of our business partners (FNF). Our immediate response was to assess the extent of the incident and its potential impact on our products and, more importantly, our customers’ data.

After a comprehensive analysis, we can confirm that the security incident is limited in scope and has no impact outside of our Title Direct product. No products or services offered by Quandis have been compromised. We want to emphasize that the security and privacy of our customers’ data are of utmost importance to us, and we have taken swift and decisive action to address this matter.

To our Title Direct users, we are working with ServiceLink to determine the scope of the incident, and whether any title orders were impacted. We understand the concern this may raise, and we want to assure you that we are taking all necessary steps to mitigate the impact of the incident on your title orders. Our team is working diligently to route title orders to alternate vendors, until the FNF security incident is resolved.

For customers utilizing our other products, please rest assured that your data remains secure and unaffected by this incident. We have implemented rigorous security protocols across our entire product suite to safeguard your information.

Protecting Service Member Data Amidst National Security Concerns

In the wake of recent news highlighting national security risks associated with the sale of service member data, it’s imperative to reiterate our unwavering commitment to safeguarding the privacy and integrity of service members’ information at Quandis Military Search (QMC). Our automated service ensures that no Quandis employees are involved in data processing, and it strictly caters to customers who have a legitimate financial relationship with service members, solely for SCRA and MLA compliance. The security measures in place exceed Department of Defense standards, emphasizing our dedication to data protection. As national security concerns loom large, our focus remains firmly on ensuring the responsible and secure handling of service member data in alignment with the highest ethical and legal standards.

HTTP/2 Rapid Reset Vulnerability: Quandis Not Affected, Cloud providers have remediated

Vulnerabilities in the HTTP/2 protocol were recently announced a per CVE-2023-44487.

Quandis uses cloud services from AWS, Azure and Google.

These cloud providers have remediated the HTTP/2 issue as per the links below.

Our web applications are hosted in AWS which are fronted by AWS Application Load Balancers, and AWS has remediated  the HTTP/2 issue.

MOVEit Transfer Vulnerability: Quandis Not Affected

Quandis is not impacted by the MOVEit Transfer vulnerability flagged by CVE-2023-34362  as we do not use the product.

Silicon Valley Bank (SVB) and Signature Bank failures: Quandis Not Affected

The recent failure of SVB and Signature Bank does affect Quandis or QBO-based systems.
Quandis does not have a relationship with either bank and none of our cloud service providers are impacted ( AWS, Microsoft, Google )

Okta/Sitel breach: Quandis Not Affected

The recent security breach at Okta’s via their partner Sitel does not affect Quandis or QBO-based systems.  Quandis does not use Okta’s IDP platform.

Apache Log4j2 Vulnerability: Quandis Not Affected

Quandis is not impacted by the Apache Log4j2 vulnerability flagged by CVE-2021-44228.

Partners such as LogicMonitor, AWS, Microsoft and Google were impacted and have mitigated the issue as of December 11.

Apache Path Normalization Vulnerability: Quandis Not Affected

Quandis is not impacted by the Apache path normalization vulnerability flagged by CVE-2021-41773 and CVE-2021-42013. Quandis does not use Apache servers.