Title insurer First American back online after cybersecurity incident

Must read

The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.

Title insurance giant First American Financial’s website was back online Thursday “with some limits to functionality” and the company continuing efforts to return to normal business operations following a cybersecurity incident that led First American and many of its subsidiaries to isolate their systems from the internet on Dec. 20.

First American, the nation’s second-largest title insurer, posted on 7:14 p.m. Eastern time Wednesday that its bank, First American Trust, “continues to accept incoming wires, and all funds at First American Trust and our third-party partner banks remain secure.”

It was the first update the company had provided since Dec. 22, when First American warned clients to look out for fake emails because it had taken its email system offline.

At 8:01 a.m. Eastern on Thursday, First American posted that the company’s website, FirstAm.com, had been restored. Traffic to FirstAmUpdate.com, a temporary website the company created to provide bulletins on the cybersecurity incident, is now redirected to FirstAm.com/updates.

Some, but not all, First American subsidiaries affected by the cybersecurity incident were also back online Thursday, including DataTrace Information Services, ServiceMac LLC and First American Trust.

Valuation technology firm ACI, another First American subsidiary whose website has been offline, was continuing to refuse connections as of 1 p.m. Eastern on Thursday.

A ransomware group known as Blackcat, ALPHV or Noberus, has allegedly infiltrated the computer networks of more than 1,000 victims, “including networks that support U.S. critical infrastructure,” the Department of Justice and FBI said last week.

In a Dec. 19 advisory, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) detailed steps companies should take to protect against ransomware attacks.

First American has not provided details on the nature of the cybersecurity incident. In a Dec. 22 Securities and Exchange Commission filing, First American said it had “recently identified unauthorized activity on certain of its information technology systems” and having “retained leading experts, is working with law enforcement and notified certain regulatory authorities.”

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter

More articles

Latest article