Article Details

Title insurance giant First American offline after cyberattack. First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. "First American has experienced a cybersecurity incident," the company said in a statement published on a website dedicated to the cyberattack. Its official website was taken offline before this article was published. "In response, we have taken certain systems offline and are working to return to normal business operations as soon as possible." Founded in 1889, First American provides financial and settlement services to home buyers and sellers, real estate professionals, and others involved in residential and commercial property transactions. As a title insurance specialist, the California-based company reported a total revenue of $7.6 billion last year and has over 21,000 employees, according to Fortune. On November 28, First American paid a $1 million penalty to settle violations of New York's Department of Financial Services' Cybersecurity Regulation stemming from a May 2019 breach. "As the nation's second-largest title insurance company, First American collects the personal and financial data of hundreds of thousands of individuals annually on title-related documents and stores that information in its proprietary EaglePro application," New York's DFS said. "In May 2019, First American senior management learned of a vulnerability in the application whereby any individual in possession of the link used to access EaglePro could access not only their own documents without authentication, but also those of individuals in unrelated transactions." A First American spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today. Title insurance providers under attack Fidelity National Financial, another American title insurance provider, issued a similar disclosure last month, saying that its network was impacted by a "cybersecurity incident." "In addition, we took containment measures such as blocking access to certain of our systems resulting in varying levels of disruption to our businesses," the company said in a filing with the U.S. Securities and Exchange Commission. While it didn't provide further details, Fidelity National Financial said the incident was "contained on November 26" and was still working on restoring "normal business operations." In a previous filing, the company revealed that the attackers "acquired certain credentials" after accessing some of its systems. Even though Fidelity National Financial has yet to attribute the attack, the ALPHV/BlackCat ransomware gang claimed the breach on November 22.