First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack.
"First American has experienced a cybersecurity incident," the company said in a statement published on a website dedicated to the cyberattack. Its official website was taken offline before this article was published.
"In response, we have taken certain systems offline and are working to return to normal business operations as soon as possible."
Founded in 1889, First American provides financial and settlement services to home buyers and sellers, real estate professionals, and others involved in residential and commercial property transactions.
As a title insurance specialist, the California-based company reported a total revenue of $7.6 billion last year and has over 21,000 employees, according to Fortune.
On November 28, First American paid a $1 million penalty to settle violations of New York's Department of Financial Services' Cybersecurity Regulation stemming from a May 2019 breach.
"As the nation's second-largest title insurance company, First American collects the personal and financial data of hundreds of thousands of individuals annually on title-related documents and stores that information in its proprietary EaglePro application," New York's DFS said.
"In May 2019, First American senior management learned of a vulnerability in the application whereby any individual in possession of the link used to access EaglePro could access not only their own documents without authentication, but also those of individuals in unrelated transactions."
A First American spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
Title insurance providers under attack
Fidelity National Financial, another American title insurance provider, issued a similar disclosure last month, saying that its network was impacted by a "cybersecurity incident."
"In addition, we took containment measures such as blocking access to certain of our systems resulting in varying levels of disruption to our businesses," the company said in a filing with the U.S. Securities and Exchange Commission.
While it didn't provide further details, Fidelity National Financial said the incident was "contained on November 26" and that it was still working on restoring "normal business operations."
In a previous filing, the company revealed that the attackers "acquired certain credentials" after accessing some of its systems.
Even though Fidelity National Financial has yet to attribute the attack, the ALPHV/BlackCat ransomware gang claimed the breach on November 22.
Comments
KnewIt - 4 months ago
Another company gets hacked because their workers are “working” at home. It should be required that these employees work in the office. Especially when they deal with sensitive data. Instead they are at home or at coffee shops on equipment/networks that aren’t maintained or updated by an IT department.
MisoPhat - 4 months ago
"Another company gets hacked because their workers are “working” at home. It should be required that these employees work in the office. Especially when they deal with sensitive data. Instead they are at home or at coffee shops on equipment/networks that aren’t maintained or updated by an IT department."
Sorry, but that’s the old way of thinking about network security, where you set up a perimeter with firewalls around a building, that allows users to VPN to the office.
With today’s world that no longer works. SaaS products like Zscaler provide way more protection at the desktop layer and can isolate per device vs controlling access with a firewall.
Also the article said it was a bug in an in-house application making your argument about working remotely a moot point. The bug could have been written at the office or in a coffee shop.
KnewIt - 4 months ago
So you are saying someone “working” from home has the same secure network as someone in the office? What about when their kid goes to some sketchy site to watch free movies and compromises their home network? Or they go to the coffee shop to get out of the house and connect to the public wifi? Sounds like you might know what the correct thing is to do. But I don't care how many of the training videos employees are required to watch about security, some people still do the wrong thing.
MisoPhat - 4 months ago
If the right technology is in place, tools like Zscaler enable Zero Trust Network Access. This means your work laptop gets consistent protection wherever it's connected to the internet. You'll have the same access to company apps without needing VPNs or extra training.
It seems like you might have concerns about remote work. I've been working remotely for the past 13 years. For me, commuting two hours daily to sit in an office isn't necessary. I can effectively manage and maintain global servers to provide essential services for companies. The work I've done at my past two companies has indirectly impacted almost everyone.
NoneRain - 4 months ago
Devices are better protected within zero trust/ZTNA than with the secure-perimeter approach, IF you really implement zero trust, and not just a leg of it.
Mind you, most attacks happen cuz of phishing at small/med size companies, and credential+tokens+2FA theft with the big companies. If you successfully implemented zero trust, a single credential compromise wouldn't do much, because it would be only one item of a list of items needed to grant access.
If your device only accepts connections with ZTNA and only runs known secure apps and services, and your systems only accept connections with the right certs, tokens, devices and credentials, you might just (try) to connect to the open Wi-Fi. Not a chance for a port scan or a MitM...