Millions of Title Insurance Records Leaked by First American Financial Corporation

According to the security news and investigation group KrebsOnSecurity, nearly 900 million title insurance records held by First American Financial Corp. have likely been leaked. First American is the largest title insurance and settlement service provider in the country. However, it might be one of the worst companies when it comes to cybersecurity, based on the investigator’s findings.

How Big is the First American Info Leak?

KrebsOnSecurity found that virtually any title insurance record stored digitally on First American’s website could be accessed by any internet user as long as they typed in the correct URL. There was no authentication step required to see the full document. The earliest document the investigator was able to retrieve in full without any need for a password or authenticated ID was dated back to 2003. According to the group’s research, about 885 million files could be accessed by third parties since as early as March 2017, if not sooner.

Digitized files uploaded to the website were assigned a nine-digit code that was used in the URL to access that file. Modifying that code at all in the URL would retrieve the record associated with that new code. In theory, anyone with an internet browser could type in a random nine-digit code into the URL and get full access to a stranger’s title insurance record. The investigator typed in dozens of random codes into the web browser and continually retrieved new records without being asked to input a password.

Information located on title insurance records usually includes:

  • Full bank account numbers
  • Mortgage information
  • Tax records
  • Social Security numbers
  • Wire transfer receipts
  • Drivers licenses
  • Name and address of involved parties
  • And more

At this time, First American Financial Corp. has not commented on how many files were actually leaked or vulnerable. However, a scammer with access to any of those files could easily conduct a phishing scam using the information there, tricking title insurance holders into sending them finances while posing as their title insurance provider. KrebsOnSecurity noted that such phishing scams cause the most financial harm among all types of cybercrime, based on Federal Bureau of Investigation (FBI) information. As such, the consequences of the vulnerable information could be immense and widespread.

(You can view the full KrebsOnSecurity article about the First American Financial records vulnerability by clicking here.)

Call Our Philadelphia Data Breach Attorneys Now

Golomb Legalin Philadelphia, Pennsylvania is currently hearing from plaintiffs who have had their title insurance records leaked by First American Financial Corp. and accepting many of their cases. At this time, we intend to continue to speak with potential plaintiffs to form a class action against First American in pursuit of fair compensation and justice. We are uniquely qualified to handle such high stakes and complex cases, having recovered more than $2 billion in verdicts and settlements through class action litigation and individual lawsuits in the past. There is no size opposition that can intimidate or slow our team of determined attorneys.

Is First American handling your title insurance for your real estate transaction? Your confidential information was likely vulnerable to third parties and hackers. Learn how to file a data breach lawsuit by calling (215) 278-4449 or using an online contact form now.