First American Leaks Hundreds of Millions of Title Insurance Records

first american data breachOne of the leading title insurance providers in the U.S., First American Financial Corp., has leaked hundreds of millions of documents related to mortgage deals dating back to 2003. The Santa Ana, California-based company provides title insurance and settlement services to millions of Americans and employs around 18,000 people.

The data breach was identified last Friday in an article by Brian Krebs, an expert on cybersecurity. Many of the exposed files are records of wire transactions with bank account numbers and other personal information from either home or property owners and sellers. First American has since disabled part of the website that made it possible to gain unauthorized access to customer data. 

If you think any of your information was stolen during this data breach, please contact our trusted personal injury attorneys in Sacramento for a free consultation. There is no risk or obligation to pursue legal action.

Details on the Massive Leak

Security flaws in the company’s website exposed digitized documents, including:

  • Mortgage and tax records
  • Bank account numbers and statements
  • Wire transaction receipts
  • Driver’s license images without authentication
  • Social Security numbers

In total, about 885 million records going back as early as 16 years ago were leaked. No prior authentication was required to read any of these documents.

First American is currently evaluating the effect this has had on the security of customer information. The company will not comment on the overall number of records potentially exposed on their site or how long those records were publicly available. A spokesperson did remark that the company took immediate action to address the situation and closed external access to the site that contained the records.

Title insurance providers such as First American regularly handle private information. They use their own records and public documents to verify a seller’s true identify as a property owner and that the property is free from liens. Then the company collects a premium when the property closes and pays any costs that may come up if someone disputes the new owner’s right to the property.

Ben Shoval, a real estate developer based in Washington state, first noticed the vulnerability when he received a link from First American early last week. The link sent him to a document with details of his transaction but when he modified any numbers to the form in either direction, other people’s private information would appear. No log-in or password was required. He tried contacting the company and received no response before taking this information to Krebs.

Nonetheless, it is still unclear whether any cybercriminals uncovered this security issue and exploited it to steal customer information before the issue was addressed. The information leaked by First American could have been misused by phishers and scammers involved in Business Email Compromise (BEC) scams, during which they would impersonate real estate agents, closing agencies, and title and escrow firms.

Security and risk management experts agree that the magnitude of this leak is a cautionary tale of how even large companies often neglect to put top security into the design of their online services.

First American has yet to offer any way for customers to determine whether their personal information has been compromised.

How to Protect Yourself After a Data Breach

Data breaches and leaks are becoming more common. You may have already received a letter detailing how your data has been compromised and how your personal information is at risk. However, this does not necessarily mean that your data was exposed. There are several steps you can take that may help ensure that your identity and finances remain intact. These include the following:

  • Contact your financial institutions – Be sure to let your bank, credit union, mortgage lender or other financial institutions know that your data has been compromised. This also includes notifying your health insurance provider. They will keep an eye out for any suspicious activity on your account, such as fraudulent purchases or unauthorized prescriptions.
  • Monitor your billing and financial statements – Regularly monitor your checking, bank and credit card statements for any purchases you did not make. Take advantage of free security alerts through your banking institution. You may also have the option to track your account activity via email or text through your mobile device.
  • Change your passwords – It is best practice to change your passwords every 90 days and use a two-factor authentication for added security. Be sure to use numbers, symbols, uppercase and lowercase letters in your new passwords to help deter easier access to your online accounts. 
  • Check your credit report – Review your credit report and financial reports periodically. Certain companies offer a free copy of your credit score once a year. For added protection, you may want to consider signing up for a credit monitoring service to manage instances of identity theft.

Consumer Reports also suggests that you should freeze your credit at the major credit bureaus. This will help prevent criminals from being able to take out loans or use credits cards in your name or utilize other personal information. Best of all, setting it up costs nothing. 

Contact Our Experienced Attorneys for Legal Help

If your personal and sensitive data may have been compromised due to First American’s data breach, contact The Arnold Law Firm to determine your options. Large corporations have a responsibility to protect your private information from hackers and cybercriminals. When they fail to do so, these companies should be held liable for the damages that you have suffered.

The attorneys at our firm have years of experience representing victims who have been harmed by corporate misconduct. We are prepared to fight on your behalf.  Learn more about your rights during a free, no obligation consultation.

Call us now at (916) 777-7777 or fill out our free online form to get started.