First American Financial Cyberattack

2023-12-20

Incident Details

First American Financial Corp (one of the largest US title insurance providers) shut down its systems in late December 2023 after attackers accessed and encrypted non-production data. 44,000 individuals’ names, addresses, SSNs, driver’s license numbers, government IDs, financial information, and dates of birth were compromised. Disclosed via SEC 8-K. The disruption impacted real estate closings across the US. First American had also paid a $1 million NYDFS penalty in 2024 for its earlier 2019 data exposure incident.

Technical Details

Initial Attack Vector: Threat actors gained access to First American Financial systems and exfiltrated non-production data before encrypting it; initial access vector not publicly disclosed

Timeline

2023-12-20 Breach occurred
2023-12-21 Publicly disclosed
2024-05-28 Customers notified