Insurance giant First American confirms that thousands of users have suffered a data breach
First American, one of the largest insurance companies in the United States, has confirmed that sensitive data belonging to thousands of people has been lost in a ransomware attack.
In late December 2023, news of a cyberattack on First American emerged, forcing the company to shut down some of its systems, including its website. Shortly afterwards, it filed a form with the US Securities and Exchange Commission (SEC) confirming that it had been attacked with ransomware, and it suspected that the attackers had stolen sensitive information:
“While the incident remains under investigation, the company believes the perpetrator of the activity gained access to certain corporate systems, exfiltrated data, and encrypted data on certain non-production systems,” First American said in the filing. “The company continues to assess whether the incident will have a material impact on the company’s financial condition or results of operations, which cannot be determined at this time.”
Completed research
Now, an updated form filed on May 28 shows that the company has completed its investigation into the incident.
“Based on our investigation and findings, the company has determined that personal information of approximately 44,000 individuals may have been accessed without authorization as a result of the incident,” the update said.
“The company will provide appropriate notices to potentially affected individuals and provide these individuals with credit monitoring and identity protection services at no charge.”
Unfortunately, it is still unknown who the threat actors are, or what type of data they stole. Typically, ransomware operators will come forward to claim responsibility for the attack and threaten to release the stolen data to the dark web, as a way to pressure the victim to pay their ransom. The threat also usually comes with a sample of the stolen data, which can help investigators gain more insight into what was lost.