First American Financial Corporation was hit by a cyberattack on Wednesday, the company confirmed Thursday, forcing the company to take certain systems offline.
The incident follows similar breaches at Fidelity National Financial (FNF), the mortgage and real estate industries’ largest underwriter of title insurance, on Nov. 19, and Mr. Cooper Group, one of the nation’s largest mortgage servicers, on Halloween. While FNF has remained quiet about the extent of the breach, lawsuits filed against Mr. Cooper Group indicate the data of nearly 15 million customers were exposed.
As the situation unfolds, First American will be providing updates at FirstAmUpdate.com. As of the publishing of this article, that website reads: “First American has experienced a cybersecurity incident. In response, we have taken certain systems offline and are working to return to normal business operations as soon as possible. Updates will be posted to this page.”
No filing has yet been filed with the Securities and Exchange Commission (SEC). The SEC’s new rules for public companies’ cybersecurity disclosures, effective as of Sept. 5, 2023, includes “a requirement to disclose material cybersecurity incidents four business days after a public company determines the incident is material and a requirement to disclose annually information regarding cybersecurity risk management, strategy, and governance,” per the SEC’s website. As a public company, First American must comply with these new rules.
The incident comes on the heels of a $1 million, November settlement between First American Title Insurance Co. and the New York State Department of Financial Services for violations stemming from a 2019 data leak.
