More than a week after it shut down systems to combat a cybersecurity incident, title insurance giant First American Financial says it has restored some key systems and “contained the threat.”
Though details about the hack — which has delayed closings across the country — remain sparse, a filing was made with the Securities and Exchange Commission on Friday for the first time disclosing data theft.
“As of the date of this filing, the Company believes it has contained the incident. The Company is in the process of restoring access to its systems and resuming normal business operations. Though the incident is still under investigation, the Company believes the perpetrator of the activity accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems. The Company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.”
The company announced late this week that FirstAm.com has been restored (with some limits to functionality), and that its bank, First American Trust, “continues to accept incoming wires, and all funds at First American Trust and our third-party partner banks remain secure.”
First American said the websites of title solutions provider DataTrace and ACI, a valuation technology subsidiary, are up and running as of Friday afternoon. Its home warranty website was also online, as were its public records search and FraudGuard platforms.
The websites of First American Financial and the newly created website to provide updates on the incident, however, still have limited functionality.
The First American Financial umbrella includes First American Title Insurance and First American Title Guaranty, as well as nearly two dozen subsidiaries.
Customers of First American took to LinkedIn to express frustration over the firm’s response to the incident.
One user commented: “Why [are there] no specific updates on ACI or really anything of substance for that matter. Is your leadership team on vacation or incompetent? Because the lack of any kind of communication plan in a crisis comes from the top.”
In another comment, a homebuyer said she had trouble initiating a wire transfer for two weeks, resulting in a missed closing date.
“The most recent update provided by First American is, in my view, entirely unsatisfactory. The assertion that funds are secure and can be accepted is contradicted by the practical reality that, once within their system, accessing said funds becomes an insurmountable challenge,” a buyer said.
This is not the first time First American experienced a cybersecurity attack.
First American detected a cybersecurity breach in May 2019 as a result of a vulnerability within its proprietary EaglePro application, which it uses to store consumer data. It paid nearly $500,000 in a settlement to the SEC in 2019. And in late November, First American was asked to pay $1 million to the New York DFS as part of a cybersecurity violation settlement relating to the 2019 breach and exposure of consumers’ non-public information.
The title industry has seen a fair share of security breaches over the years, including the massive ransomware attack on cloud storage provider Cloudstar in 2021, as well as the very recent ransomware attack on Fidelity National Financial, which led to a shutdown of some of its network.