First American Financial Corporation says December cyber attack impacted 44,000 individuals

U.S. financial services company First American Financial Corporation said the sensitive personal information of about 44,000 individuals was compromised in a data security incident it experienced in December.

 

Headquartered in California, First American is among the largest American financial services companies and provides title insurance and settlement services to the real estate and mortgage industries.

 

In a filing with the U.S. Securities and Exchange Commission, First American said that on December 22, it identified unauthorised activities in certain parts of its network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

In a data security incident notice, the company said that the threat actor who infiltrated its network “accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems.”

 

It added that the cyber attack took down its employee email system; its websites FirstExchange.com, InvestEagle.com, and 1031Service.com; the IgniteRE platform for residential real estate professionals; ClarifyFirst, its digital solution for commercial real estate transactions; the PRISM marketing and automation toolkit for title agents; AgentNet platform for title agents; and the FirstAmericanTrust website.

 

In its SEC filing, First American added that it has identified around 44,000 individuals whose sensitive personal data was compromised during the incident.

 

The company said it will notify the affected individuals and offer them complimentary credit monitoring and identity protection services.

 

Commenting on the news, Erfan Shadabi, cybersecurity expert at Comforte AG, said, “While financial institutions must adhere to stringent cybersecurity regulations, compliance alone is insufficient to protect against sophisticated cyberattacks. The increasing frequency and severity of data breaches highlight the need for more advanced security measures.

 

“As the threat landscape continues to evolve, adopting comprehensive security strategies that go beyond mere regulatory compliance will be crucial for safeguarding sensitive information and securing competitive advantages in the insurance industry,” he added.