Security & Fraud

SEC Probing First American Financial’s Data Breach

SEC Is Looking Into First American Financial Data Leak Affecting 885M People

The U.S. Securities and Exchange Commission is reportedly investigating a security breach at First American Financial Corporation that saw the exposure of upwards of 885 million financial records and personal files related to mortgages dating back to 2003.

KrebsOnSecurity reported the breach in May. Included in the exposed data are bank account numbers, statements, tax and mortgage records, receipts for wire transfers, personal social security numbers and pictures of drivers’ licenses. The security company reported that all the information was accessible without any need for authentication.

The story broke when a real estate developer in Seattle named Ben Shoval received a letter from the SEC that said it was looking into whether First American broke any federal securities regulations. The regulatory agency asked him to provide anything he had that was tied to the data exposure.

“This investigation is a non-public, fact-finding inquiry,” the letter said. “The investigation does not mean that we have concluded that anyone has violated the law.”

First American is also being investigated by regulators in New York over cybersecurity regulation that requires companies to provide regular audits, and it’s also the purview of a class action lawsuit that says it “failed to implement even rudimentary security measures.”

For its part, First American has been trying to downplay how bad the exposure has been, calling the breach a “design defect” of its online site. It said that on June 18, a review of its system logs by another independent company, “based on guidance from the company, identified 484 files that likely were accessed by individuals without authorization. The company has reviewed 211 of these files to date and determined that only 14 (or 6.6 percent) of those files contain non-public personal information. The company is in the process of notifying the affected consumers and will offer them complimentary credit monitoring services.”

On July 16, First American said that it had concluded an investigation and found only 32 consumers whose data was accessed without permission.

“These 32 consumers have been notified and offered complimentary credit monitoring services,” the company said.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.