First American Financial Customers Sue Over Data Breach

First American Financial Corp., the title insurance company that exposed the data on hundreds of millions of mortgages dating as far back as 2003, is being sued in a class-action lawsuit.

The complaint was filed with the United States District Court for the Central District of California by Gibbs Law Group on behalf of David Gritz, a resident of Pennsylvania who had bought and sold several homes. First American was the title insurer for 11 housing deals.

The lawsuit contends that First American Financial Corp. broke its privacy promises by “definitely storing sensitive documents on a publicly accessible system,” arguing that the bank should know better than to do that, “as it offers its own cybersecurity insurance product to companies in the event of cybersecurity breaches, whether the result of cyberattacks, cybercrime, or internal carelessness.”

The financial impact of the data breach – which included bank account numbers, Social Security numbers, financial and tax records, and images of drivers’ licenses – is more than $5 million, according to the damages the lawsuit is seeking.

Last week, the news broke that First American Financial exposed the data on 885 million mortgages, with the company blaming the exposure on a design defect in one of its applications. The company said it hired an independent forensics company to ensure there sensitive customer data was not accessed. The data breach was first spotted by Krebs on Security, a security news website run by cyber expert Brian Krebs. Krebs said in a blog post that it wasn’t clear whether hackers and criminals had accessed the data, but that if they got their hands on it, it would be a “virtual gold mine,” reported The Wall Street Journal.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. In the November 2019 AML/KYC Report, Zillow’s Justin Farris tells PYMNTS how the platform incorporates stringent authentication without making the onboarding and buying experiences too complex.