Title insurance giant First American Financial told the Securities and Exchange Commission that it has restored some key systems impacted by a pre-Christmas cyberattack and believes it has "contained the threat" more than a week after shutting down systems to combat the incident.
While the incident is still under investigation, the company believes the perpetrator accessed specific systems, exfiltrated data, and encrypted data on non-production systems.
"As of the date of this filing, the company believes it has contained the incident. The company is in the process of restoring access to its systems and resuming normal business operations. Though the incident is still under investigation, the Company believes the perpetrator of the activity accessed certain company systems, exfiltrated data and encrypted data on certain non-production systems. The company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.”
The company announced last week that FirstAm.com has been restored and that its bank, First American Trust, “continues to accept incoming wires, and all funds at First American Trust and our third-party partner banks remain secure.”
First American's ACI appraisal system, Charles Jones public records search, and the FraudGuard loan quality assurance platform are back online.
Customers expressed frustration over the firm's response to the incident, with some citing difficulties in initiating wire transfers, leading to missed closing dates. This isn't the first time First American has faced a cybersecurity attack.
On Nov. 28, 2023, the New York Department of Financial Services announced that First American Title Insurance Company would pay a $1 million penalty for violations of the NYDFS Cybersecurity Regulation in connection with a May 2019 data breach. The NYDFS investigated the company’s response to the data breach and alleged that First American knew of a vulnerability in its technical systems that exposed consumers’ non-public information, but failed to investigate or report the vulnerability until several months later.
The cyberattack of First American follows recent breaches at Fidelity National Financial and Mr. Cooper Group.
