First American Financial, the real estate title insurance company, may have provided unauthorized access to the financial information of its customers.
According to a report in The Wall Street Journal citing First American Financial, the firm said a design defect in one of its applications may have exposed the data of its customers. The company said it hired an independent security forensic company to make sure there wasn’t access to sensitive customer data. “Therefore, the company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect if any, this had on the security of customer information,” according to a statement from the firm. A spokesman for the real estate title company declined to tell The Wall Street Journal how many customers were impacted by the potential exposure. First American Financial offers customers title insurance, settlement services and trust services both in the U.S. and internationally. It had revenue of $5.7 billion last year, reported the paper.
The exposure was first spotted by Krebs on Security, a security news website run by cyber expert Brian Krebs. Krebs said late last week that the data exposure at First American Financial exposed hundreds of millions of documents pertaining to mortgage deals dating as far back as 2003. The records reportedly included bank account numbers, mortgage and tax records as well as other sensitive information. A person familiar with the issue told The Wall Street Journal that First American has in place a security program that has multiple layers and alerts it if there are exposures. The system apparently didn’t work, but the company doesn’t think there was a leak of the data or that it was transferred to a hacker.
Krebs said in the blog post that it wasn’t clear if hackers and criminals accessed the data, but that if they got their hands on it, it would be a “virtual gold mine,” reported The Wall Street Journal.