First American Data Breach of December 2023 Impacts 44,000 People

Written by Mitchell Langley

May 29, 2024

First American Data Breach of December 2023 Impacts 44,000 People

Major Title Insurance Firm First American Financial Suffers Security Incident That Affects 44,000 People

In late May 2024, major title insurance firm First American Financial Corporation disclosed a data breach that occurred in December 2023, according to an SEC filing.

After taking some systems offline in December to contain the effects of a cyberattack, First American conducted an investigation into the incident which revealed that unauthorized actors had accessed systems and obtained sensitive personal information of approximately 44,000 individuals.

As one of the largest title insurance companies in the United States, First American collects and stores large amounts of personal and financial data on title-related documents for hundreds of thousands of customers annually through their proprietary EaglePro application.

Previous First American Data Breach and Settlement

The latest data breach comes just one month after First American settled a yet another huge cybersecurity incident from May 2019 that also involved EaglePro. In this incident, the application was found to have a vulnerability that allowed external actors to access documents without proper authentication, exposing customer data.

In November 2023, First American paid $1 million to the New York Department of Financial Services (DFS) for violating cybersecurity regulations in relation to the May 2019 breach. The DFS criticized First American’s security practices and found that senior management had been aware of the vulnerability in EaglePro.

Response and Impact of the December 2023 Breach

Regarding the December 2023 incident, First American stated they would “provide appropriate notifications to potentially affected individuals and offer those individuals credit monitoring and identity protection services at no cost to them.”

The breach came only a month after First American settled with New York regulators over their previous incident, highlighting ongoing security issues at the company. Affected individuals are advised to closely monitor accounts for signs of fraud and identity theft following a compromise of this scale.

Title Insurance Companies are a Consistent Target

First American is not alone in facing security threats as a title insurance provider. In November 2023, competitor Fidelity National Financial also suffered a “cybersecurity incident” forcing them to temporarily take down systems.

Later in January 2024, Fidelity confirmed via SEC filing that attackers used malware and had stolen personal data belonging to around 1.3 million customers.

The successful targeting of two leading US title insurance companies in close succession suggests cybercriminals are recognizing both the value of the sensitive financial data held by these entities, as well as potential security vulnerabilities left unaddressed.

The December 2023 First American data breach compromised sensitive personal records for 44,000 people, marking yet another setback for the company’s cyberdefenses and underscored the need for strengthened security posture across the title insurance sector.

Related Articles

How AI is Revolutionizing Phishing Attacks

How AI is Revolutionizing Phishing Attacks

 -  New: New Phishing attacks have long been a major concern for enterprise organizations wordwide. As technology continues to advance, cybercriminals are finding new and innovative ways to exploit vulnerabilities and deceive unsuspecting individuals. In recent years,...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

 

Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!