Quandis is issuing an update on a security incident that impacted a Quandis business partner, First American. We want to assure our valued customers that the incident is isolated and has no effect on any of our products, except for Title Direct customers routing title orders to First American Title.
On December 21, we were made aware of a security incident involving one of our business partners (First American). Our immediate response was to assess the extent of the incident and its potential impact on our products and, more importantly, our customers’ data.
After a comprehensive analysis, we can confirm that the security incident is limited in scope and has no impact outside of our Title Direct product. No products or services offered by Quandis have been compromised. We want to emphasize that the security and privacy of our customers’ data are of utmost importance to us, and we have taken swift and decisive action to address this matter.
To our Title Direct users, we are working with First American to determine the scope of the incident, and whether any title orders were impacted. We understand the concern this may raise, and we want to assure you that we are taking all necessary steps to mitigate the impact of the incident on your title orders. Our team is working diligently to route title orders to alternate vendors, until the First American security incident is resolved. In the meantime, we are providing our Title Direct customers the option to re-route title orders to alternate providers until First American is back online.
For customers utilizing our other products, please rest assured that your data remains secure and unaffected by this incident. We have implemented rigorous security protocols across our entire product suite to safeguard your information.
Microsoft CrowdStrike Falcon Outage
/in Applications, Platform, Products /by epatrickOn Thursday July 18 Microsoft cloud services were impacted globally due to a faulty CrowdStrike Falcon security agent installed on Microsoft cloud servers. Microsoft and Crowdstrike resolved this problem on Friday July 19th.
Quandis uses Microsoft Azure for CI/CD, thus we were indirectly impacted as new code releases were delayed during that outage period.
Quandis does not use CrowdStrike products thus our web applications and staff workstations were not impacted
First American Security Incident
/in Products, Security /by epatrickQuandis is issuing an update on a security incident that impacted a Quandis business partner, First American. We want to assure our valued customers that the incident is isolated and has no effect on any of our products, except for Title Direct customers routing title orders to First American Title.
On December 21, we were made aware of a security incident involving one of our business partners (First American). Our immediate response was to assess the extent of the incident and its potential impact on our products and, more importantly, our customers’ data.
After a comprehensive analysis, we can confirm that the security incident is limited in scope and has no impact outside of our Title Direct product. No products or services offered by Quandis have been compromised. We want to emphasize that the security and privacy of our customers’ data are of utmost importance to us, and we have taken swift and decisive action to address this matter.
To our Title Direct users, we are working with First American to determine the scope of the incident, and whether any title orders were impacted. We understand the concern this may raise, and we want to assure you that we are taking all necessary steps to mitigate the impact of the incident on your title orders. Our team is working diligently to route title orders to alternate vendors, until the First American security incident is resolved. In the meantime, we are providing our Title Direct customers the option to re-route title orders to alternate providers until First American is back online.
For customers utilizing our other products, please rest assured that your data remains secure and unaffected by this incident. We have implemented rigorous security protocols across our entire product suite to safeguard your information.
Apache Struts Vulnerability – Quandis not Impacted
/in Security /by epatrickQuandis does not use Apache or Struts, and is not affected by the vulnerability announced in CVE-2023-50164 .
Fidelity National Financial Security Incident
/in Products, Security /by epatrickQuandis is issuing an update on a security incident that impacted a Quandis business partner, Fidelity National Financial (FNF). We want to assure our valued customers that the incident is isolated and has no effect on any of our products, except for Title Direct customers routing title orders to ServiceLink.
On November 28, we were made aware of a security incident involving one of our business partners (FNF). Our immediate response was to assess the extent of the incident and its potential impact on our products and, more importantly, our customers’ data.
After a comprehensive analysis, we can confirm that the security incident is limited in scope and has no impact outside of our Title Direct product. No products or services offered by Quandis have been compromised. We want to emphasize that the security and privacy of our customers’ data are of utmost importance to us, and we have taken swift and decisive action to address this matter.
To our Title Direct users, we are working with ServiceLink to determine the scope of the incident, and whether any title orders were impacted. We understand the concern this may raise, and we want to assure you that we are taking all necessary steps to mitigate the impact of the incident on your title orders. Our team is working diligently to route title orders to alternate vendors, until the FNF security incident is resolved.
For customers utilizing our other products, please rest assured that your data remains secure and unaffected by this incident. We have implemented rigorous security protocols across our entire product suite to safeguard your information.
Protecting Service Member Data Amidst National Security Concerns
/in Uncategorized /by epatrickIn the wake of recent news highlighting national security risks associated with the sale of service member data, it’s imperative to reiterate our unwavering commitment to safeguarding the privacy and integrity of service members’ information at Quandis Military Search (QMC). Our automated service ensures that no Quandis employees are involved in data processing, and it strictly caters to customers who have a legitimate financial relationship with service members, solely for SCRA and MLA compliance. The security measures in place exceed Department of Defense standards, emphasizing our dedication to data protection. As national security concerns loom large, our focus remains firmly on ensuring the responsible and secure handling of service member data in alignment with the highest ethical and legal standards.
HTTP/2 Rapid Reset Vulnerability: Quandis Not Affected, Cloud providers have remediated
/in Uncategorized /by epatrickVulnerabilities in the HTTP/2 protocol were recently announced a per CVE-2023-44487.
Quandis uses cloud services from AWS, Azure and Google.
These cloud providers have remediated the HTTP/2 issue as per the links below.
Our web applications are hosted in AWS which are fronted by AWS Application Load Balancers, and AWS has remediated the HTTP/2 issue.
MOVEit Transfer Vulnerability: Quandis Not Affected
/in Uncategorized /by wcoulterQuandis is not impacted by the MOVEit Transfer vulnerability flagged by CVE-2023-34362 as we do not use the product.
Silicon Valley Bank (SVB) and Signature Bank failures: Quandis Not Affected
/in Uncategorized /by wcoulterThe recent failure of SVB and Signature Bank does affect Quandis or QBO-based systems.
Quandis does not have a relationship with either bank and none of our cloud service providers are impacted ( AWS, Microsoft, Google )
Okta/Sitel breach: Quandis Not Affected
/in Uncategorized /by epatrickThe recent security breach at Okta’s via their partner Sitel does not affect Quandis or QBO-based systems. Quandis does not use Okta’s IDP platform.
Apache Log4j2 Vulnerability: Quandis Not Affected
/in Uncategorized /by epatrickQuandis is not impacted by the Apache Log4j2 vulnerability flagged by CVE-2021-44228.