One of the leading title insurance providers in the U.S., First American Financial Corp., has leaked hundreds of millions of documents related to mortgage deals dating back to 2003. The Santa Ana, California-based company provides title insurance and settlement services to millions of Americans and employs around 18,000 people.
The data breach was identified last Friday in an article by Brian Krebs, an expert on cybersecurity. Many of the exposed files are records of wire transactions with bank account numbers and other personal information from either home or property owners and sellers. First American has since disabled part of the website that made it possible to gain unauthorized access to customer data.
If you think any of your information was stolen during this data breach, please contact our trusted personal injury attorneys in Sacramento for a free consultation. There is no risk or obligation to pursue legal action.
Security flaws in the company’s website exposed digitized documents, including:
In total, about 885 million records going back as early as 16 years ago were leaked. No prior authentication was required to read any of these documents.
First American is currently evaluating the effect this has had on the security of customer information. The company will not comment on the overall number of records potentially exposed on their site or how long those records were publicly available. A spokesperson did remark that the company took immediate action to address the situation and closed external access to the site that contained the records.
Title insurance providers such as First American regularly handle private information. They use their own records and public documents to verify a seller’s true identify as a property owner and that the property is free from liens. Then the company collects a premium when the property closes and pays any costs that may come up if someone disputes the new owner’s right to the property.
Ben Shoval, a real estate developer based in Washington state, first noticed the vulnerability when he received a link from First American early last week. The link sent him to a document with details of his transaction but when he modified any numbers to the form in either direction, other people’s private information would appear. No log-in or password was required. He tried contacting the company and received no response before taking this information to Krebs.
Nonetheless, it is still unclear whether any cybercriminals uncovered this security issue and exploited it to steal customer information before the issue was addressed. The information leaked by First American could have been misused by phishers and scammers involved in Business Email Compromise (BEC) scams, during which they would impersonate real estate agents, closing agencies, and title and escrow firms.
Security and risk management experts agree that the magnitude of this leak is a cautionary tale of how even large companies often neglect to put top security into the design of their online services.
First American has yet to offer any way for customers to determine whether their personal information has been compromised.
Data breaches and leaks are becoming more common. You may have already received a letter detailing how your data has been compromised and how your personal information is at risk. However, this does not necessarily mean that your data was exposed. There are several steps you can take that may help ensure that your identity and finances remain intact. These include the following:
Consumer Reports also suggests that you should freeze your credit at the major credit bureaus. This will help prevent criminals from being able to take out loans or use credits cards in your name or utilize other personal information. Best of all, setting it up costs nothing.
If your personal and sensitive data may have been compromised due to First American’s data breach, contact The Arnold Law Firm to determine your options. Large corporations have a responsibility to protect your private information from hackers and cybercriminals. When they fail to do so, these companies should be held liable for the damages that you have suffered.
The attorneys at our firm have years of experience representing victims who have been harmed by corporate misconduct. We are prepared to fight on your behalf. Learn more about your rights during a free, no obligation consultation.
Wrongfully blamed: What really happened to Randy Stevens
Randy Stevens opened his eyes and saw his wife standing over him in a hospital room. He had no idea what had happened. His last memory was of standing next to his truck trailer and watching as a Security Contractor Services forklift driver struggled to load an ungainly pallet of...Learn More
Last winter, a commercial truck and trailer made an abrupt wide turn into the path of a 24-year-old motorcyclist. The resulting collision sent Justin to the hospital with a collapsed lung, multiple fractured bones and a traumatic brain injury.
Justin's mother realized that her son needed legal help. While he was still in a coma...Learn More