Thursday, June 13, 2024

Title insurer First American Financial is hackers’ latest target

Must read

The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.

The nation’s second biggest title insurer, First American Financial Corp., is the latest victim of a wave of cybersecurity attacks that has disrupted computer networks at more than 1,000 businesses and government entities.

In a terse announcement just after noon Eastern time Thursday, First American said it had “experienced a cybersecurity incident,” had “temporarily taken certain systems offline and is working to return to normal business operations as soon as possible.”

The company said it will provide updates at as they become available.

The second biggest of the “big four” title insurers, First American also provides settlement services, data products, valuation services, mortgage subservicing, and banking and wealth management services.

The nation’s largest title insurer, Fidelity National Financial (FNF), discovered on Nov. 19 that an unauthorized third party had accessed some of its systems and acquired credentials and data. FNF said the incident was contained on Nov. 26 and has not commented on reports that the company was the target of a ransomware attack exploiting a software vulnerability in Netscaler, Citrix Bleed.

Loan servicing giant Mr. Cooper was forced to shut down its systems for four days at the beginning of November after uncovering a security breach that the company now says may have compromised the personal information of nearly 15 million past and present customers.

The compromised information included Social Security numbers, dates of birth and bank account numbers, and Mr. Cooper is offering those who might have been affected two years of free identity protection services and credit monitoring by TransUnion.

A ransomware group known as Blackcat, ALPHV or Noberus, has infiltrated the computer networks of more than 1,000 victims, “including networks that support U.S. critical infrastructure,” the Department of Justice and FBI said in an announcement this week.

A decryption tool developed by the FBI is being used by “dozens of victims in the United States and internationally,” and has so far saved “multiple victims from ransom demands totaling approximately $68 million,” the Justice Department said.

In a Dec. 19 advisory, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) detailed steps companies should take to beef up their protections against ransomware attacks.

Settlements reached in 2019 incident

Last month, First American agreed to pay $1 million to the New York State Department of Financial Services to settle allegations that subsidiary First American Title Insurance Company failed to protect clients’ personal information in a proprietary document sharing solution, EaglePro.

According to a Nov. 27 consent order First American entered into with New York regulators, a cybersecurity journalist warned the company in May 2019 that a design fault in EaglePro had left 885 million documents dating back as far as 2003 exposed to the public.

After further investigation, regulators determined that First American’s Cyber Defense Team had discovered the issue in December 2018, and recommended that it be fixed “as soon as possible” in a January 2019 report.

But the report didn’t make its way to senior executives, and First American did not fix the problem or inform the public until the last week in May 2019, the Securities and Exchange Commission alleged in a 2021 settlement agreement. First American agreed to pay a $487,616 civil penalty to the SEC without admitting or denying the allegations.

Editor’s note: This story has been updated to include details about settlements reached by First American to settle allegations that a design flaw in its EaglePro solution exposed clients’ personal information.

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter

More articles

Latest article