The NY State Department of Financial Services has reached a $1 million settlement with First American Title Insurance Co. for violations related to a First American Title Insurance breach in 2019.
The First American Title Insurance breach, which occurred in May 2019, exposed a staggering 885 million documents containing non-public customer data.
This security lapse was attributed to a vulnerability found in the company’s proprietary EaglePro application, with documents dating back to 2003 being compromised.
First American Title Insurance breach update: First American Title Insurance to Pay $1 Million
First American Title Insurance Co., the second-largest title insurance company in the U.S., faced scrutiny for its failure to maintain effective governance and classification, proper access controls, and risk assessment policies.
As part of the settlement, the company has committed to implementing measures to enhance the security of customer data.
This settlement follows closely on the heels of a cyberattack on Fidelity National Financial, one of the nation’s largest title insurance companies, just a week prior.
Fidelity, based in Jacksonville, Florida, experienced a suspected ransomware attack that led to disruptions in its operations. The company is currently assessing the financial and operational impact of the breach.
Decoding First American Title Insurance breach
The First American Title Insurance breach came to light when management learned of the EaglePro vulnerability in May 2019.
This flaw allowed unauthorized individuals to access documents via a link without the need for proper authentication, potentially exposing sensitive information such as Social Security numbers, driver’s licenses, and tax and banking details.
A cybersecurity journalist reported on the vulnerability in the same month, revealing that 885 million documents were at risk. The investigation revealed that the company’s management was aware of the vulnerability before the story broke.
In response to the settlement, First American Title Insurance Co. expressed satisfaction that the matter has been resolved. The company reaffirmed its commitment to supporting customers in the secure and efficient transfer of real estate in New York.
In a broader context, the state of New York has recently enhanced its cybersecurity regulations to include improvements in governance, training, and requirements for reporting ransomware payments. These measures reflect the ongoing efforts to strengthen cybersecurity safeguards in the face of online threats to sensitive data and critical infrastructure.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
