In an article a little dated, we are going to learn how First American got charged for their breach. According to Krebs on Security, First American is a mortgage company.
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately
885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of
their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties.
According to the article, it is a leading title insurance and settlement services agency. They are based in Santa Ana, which is in Southern California. It braught in 6.2 billion dollars in 2019 alone.
As first reported here last year, First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage
and tax records, Social Security numbers, wire transaction receipts, and drivers license images.
The documents were available without authentication to anyone with a Web browser.
This is not the first time I’ve seen this type of mistake happen. I’m sure searching the blog or even the Internet as a whole will turn up various articles. We’ve got to get better in training people that leaving these databases exposed like this will become a potential problem. I hope that this charge and potential fine or however it works is a wakeup call for businesses to care.
To read more, Check out Krebs on Security’s article: NY Charges First American Financial for Massive Data Leak for full details.