Skip to main content

First American Financial Restores Systems After Cyberattack, Believes Threat Contained

Jan 02, 2024
cybesecurity
News Director

Title insurance giant First American Financial reports progress in recovery efforts following a cyberattack and customer frustrations rise due to service disruptions.

Title insurance giant First American Financial told the Securities and Exchange Commission that it has restored some key systems impacted by a pre-Christmas cyberattack and believes it has "contained the threat" more than a week after shutting down systems to combat the incident. 

While the incident is still under investigation, the company believes the perpetrator accessed specific systems, exfiltrated data, and encrypted data on non-production systems. 

"As of the date of this filing, the company believes it has contained the incident. The company is in the process of restoring access to its systems and resuming normal business operations. Though the incident is still under investigation, the Company believes the perpetrator of the activity accessed certain company systems, exfiltrated data and encrypted data on certain non-production systems. The company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.”

The company announced last week that FirstAm.com has been restored and that its bank, First American Trust, “continues to accept incoming wires, and all funds at First American Trust and our third-party partner banks remain secure.”

First American's ACI appraisal system, Charles Jones public records search, and the FraudGuard loan quality assurance platform are back online. 

Customers expressed frustration over the firm's response to the incident, with some citing difficulties in initiating wire transfers, leading to missed closing dates. This isn't the first time First American has faced a cybersecurity attack.

On Nov. 28, 2023, the New York Department of Financial Services announced that First American Title Insurance Company would pay a $1 million penalty for violations of the NYDFS Cybersecurity Regulation in connection with a May 2019 data breach. The NYDFS investigated the company’s response to the data breach and alleged that First American knew of a vulnerability in its technical systems that exposed consumers’ non-public information, but failed to investigate or report the vulnerability until several months later.

The cyberattack of First American follows recent breaches at Fidelity National Financial and Mr. Cooper Group.

About the author
Christine Stuart is the news director at NMP.
Published
Jan 02, 2024
Rocket Mortgage Sues HUD Over Regulatory, Enforcement Discrepancies

Rocket seeks dismissal of the DOJ's October lawsuit alleging the lender committed racial appraisal bias.

Dec 05, 2024
CFPB Finalizes Rule Increasing Federal Oversight On Nonbank Fintechs

The final rule concerns lenders that offer digital payment apps and handle more than 50 million transactions per year.

Banking Regulator Testifies On Digital Transition, Climate Risks

Head of the OCC shares front-line perspectives as federal agencies prepare for a second Trump administration

Nov 20, 2024
FHA Proposes Looser Boarder Income Requirements For Qualifying Borrowers

The proposed changes reduce acceptable rental income history from two years to 12 months, among other expansions of FHA guidelines

Nov 20, 2024
New Calendar, Or Dictionary, Needed For AnnieMac

Half-a-dozen class-action law firms have launched investigations into AnnieMac's "proactive" handling of a late-August data breach.

Consumer Watchdog Invites State Regulators To Dance

As regulatory roll-backs loom over financial sectors, the CFPB says consumers' financial data rights are states' to forfeit