It has been reported that First American Financial Corporation, one of the largest title insurance companies in the United States, was compromised in December when its computer systems were taken down due to a cyberattack that compromised the information of almost 44,000 individuals. Since its founding in 1889, this organization has provided financial and settlement services to real estate professionals, buyers, and sellers involved in purchasing and selling residential and commercial properties. According to the company's report, it generated $6 billion in revenue last year, resulting in over 21,000 employees.
First American Financial Services announced on December 21 that it had taken some of its systems offline today to contain the impact of a cyberattack, as the financial services company provided little information as to the nature of the attack in a statement provided in the statement.
First American announced the following day that they had taken their email systems offline as well and that First American Title and FirstAm.com subsidiaries had also been affected by the same. Almost a week later, on January 8, 2024, the financial services firm announced that it was starting to restore some of its systems, but the full restoration of the company's systems was not announced until a week later.
In December, First American informed the Securities and Exchange Commission (SEC) that the company had suffered a data breach resulting from a computer incident, as well as that certain non-production systems had been encrypted as a result of the data breach. As of May 28, an updated form filed by the company indicates that their investigation into the incident has been completed.
A company update reads: "After reviewing our investigation and findings, we have determined that as a result of the incident, we may have been able to access the personally identifiable information of nearly 44,000 individuals without their permission," the statement reads.
According to the title insurance provider, “the Company will provide appropriate notification to potentially affected individuals and offer those individuals credit monitoring and identity protection services at no charge to them.” Five months later, on May 28, the company announced it would not be providing credit monitoring and identity protection services to potentially affected individuals at no cost to them.
The US Securities and Exchange Commission (SEC) has confirmed that the attackers gained access to some of its systems and were able to access sensitive information collected by the organization after an investigation into the incident was conducted.
A full report of the incident has been prepared. In the meantime, the investigation has been completed and the incident has been resolved by the company. First American has concluded that as a result of our investigation and findings, personal information regarding about 44,000 individuals may have been accessed without authorization," the company stated.
There will be no costs for affected individuals to use credit monitoring and identity protection services if proper notification is provided to them. The company will provide appropriate notifications to potentially affected individuals.
First American Insurance Company, which is considered the second-largest title insurance company in the nation, collects personal and financial information of hundreds of thousands of individuals each year through title-related documents and then stores it in its EaglePro application, which was developed in-house, according to DFS of New York.
There was a security vulnerability that was discovered by First American senior management in May 2019 that allowed anyone who had access to EaglePro's link to access the application without requiring any authentication to access not just their documents, but those of individuals involved in unrelated transactions as well."
Similarly, Fidelity National Financial, a title insurance provider in the United States, was also the target of a "cybersecurity issue" in November of last year. Various levels of disruption to the company's business operations meant that some of its systems were also taken offline to contain the attack, as a result of which some operations were disrupted.
An SEC filing made in January confirmed that the attackers had stolen the data of approximately 1.3 million customers using malware that did not self-propagate and that did not spread through network resources.