First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut down a number of systems, including its website.
At the time of writing, the official website firstam.com was still offline, while a dedicated notification site – firstamupdate.com – had been set up. There is a short message about the latter that states: “First American has experienced a cybersecurity incident. In response, we have taken certain systems offline and are working to resume normal business operations as quickly as possible. Updates will be posted on this page.”
Unfortunately, no additional information has been posted. We've reached out to company representatives for more information and will update the article if we hear back from them. Normally, companies would shut down their systems in the event of a ransomware attack. If it is indeed a ransomware attack, chances are the attackers also stole sensitive customer and employee information.
American financial colossus
First American Financial Corporation is an American financial services company that provides title insurance and settlement services to the real estate and mortgage industries. It was founded in 1889 and generated $7.6 billion in revenue last year. The head office is located in California and employs more than 21,000 employees.
According to a BleepingComputer According to the report, this is not FirstAm's first investigation into cyber incidents. About a month ago, it paid a $1 million fine to settle violations of the New York Department of Financial Services (DFS) Cybersecurity Regulation for a data breach that occurred in May 2019.
“As the nation's second-largest insurance company, First American collects the personal and financial information of hundreds of thousands of individuals on title-related documents annually and stores this information in its proprietary EaglePro application,” New York-based DFS said. “In May 2019, First American's senior management learned of a vulnerability in the application that allowed any individual in possession of the link used to access EaglePro to not only access their own documents without authentication, but also to that of individuals in unrelated transactions.”