44,000 people impacted by First American data breach
A cyber attack that took place in December 2023 has impacted approximately 44,000 individuals at First American Financial Corporation, the second-largest title insurance company in the United States.
Back in December, the California-based insurance company disclosed it had become the victim of a cyber attack. At the time, First American provided very few details over the security incident. However, it did say it took some of its systems offline in order to minimize the impact of the attack.
In a 8-K form addressed to the Securities and Exchange Commission (SEC), the insurance company disclosed some of the details of what went down in December. First American says that it discovered "unauthorized activity" on its IT systems last year. It then launched an investigation to ascertain what exactly happened.
Five months later the investigation of the incident was concluded. “Based upon our investigation and findings, the Company has determined that personal information pertaining to approximately 44,000 individuals may have been accessed without authorization as a result of the incident,” First American concludes.
The insurance company promises to provide “appropriate notifications to potentially affected individuals.” It will also offer free credit monitoring and identity protection services.
First American suffered security breach back in 2019
It wasn’t the first time First American Financial Corporation was attacked by hackers. In May 2019, the company also suffered a security breach. The company agreed to pay a one million dollar fine to the New York state for violating cybersecurity regulations.
“As the nation's second-largest title insurance company, First American collects the personal and financial data of hundreds of thousands of individuals annually on title-related documents and stores that information in its proprietary EaglePro application,” a spokesperson of the Department of Financial Services said in a statement.
“In May 2019, First American senior management learned of a vulnerability in the application whereby any individual in possession of the link used to access EaglePro could access not only their own documents without authentication, but also those of individuals in unrelated transactions.”
Your email address will not be published. Required fields are marked