Ransomware
First American Financial Cyberattack
Primary Source βIncident Details
First American Financial Corp (one of the largest US title insurance providers) shut down its systems in late December 2023 after attackers accessed and encrypted non-production data. 44,000 individuals’ names, addresses, SSNs, driver’s license numbers, government IDs, financial information, and dates of birth were compromised. Disclosed via SEC 8-K. The disruption impacted real estate closings across the US. First American had also paid a $1 million NYDFS penalty in 2024 for its earlier 2019 data exposure incident.
Technical Details
- Initial Attack Vector
- Threat actors gained access to First American Financial systems and exfiltrated non-production data before encrypting it; initial access vector not publicly disclosed
Timeline
- 2023-12-20 Breach occurred
- 2023-12-21 Publicly disclosed
- 2024-05-28 Customers notified