First American Breach Retrospective

This post was originally published here by Paul Sullivan.

Krebs On Security recently broke the news that First American, a major financial services corporation, had about 885 million real estate documents exposed on its website, with records dating back to 2003. First American is one of the largest providers of real estate title insurance, and these documents contained sensitive information such as Social Security numbers as well as financial data belonging to individuals and small businesses.


Oftentimes, these large breaches occur because of a small mistake, such as failing to install software updates in a timely fashion – like what happened to Equifax in 2017. Breaches also can occur when access is given to an unauthorized user. In the case of First American, no authentication was required to view the documents, meaning any visitor to the site could have simply gone through all of the documents and siphoned off the data. Security mishaps like this are common when organizations fail to equip themselves with the proper security tools.

An investigation has been launched and a class action lawsuit has been filed against First America. This is yet another reminder that poor security at financial institutions is very costly for both the companies and their customers. Many financial institutions are migrating to the cloud and are in need of a solution for data and threat protection. Fortunately, security tools like access control, encryption, and cloud security posture management (CSPM) can help organizations keep sensitive information secured.

To learn more about the state of cybersecurity in financial services, download Financial World: Breach Kingdom.

Photo:HIPAA Journal


No posts to display