Title Insurance Giant First American Hit by Cyberattack, Disrupting Operations

Yesterday, First American Financial Corporation, the second-largest title insurance company in the U.S., took steps to mitigate the impact of a cyberattack by temporarily shutting down some of its systems.

The company released a statement on a dedicated cyberattack website, stating, “First American has experienced a cybersecurity incident.” The company is actively working to restore normal business operations, having taken certain systems offline in response to the incident.

Established in 1889, First American offers financial and settlement services for home buyers and sellers, real estate professionals, and individuals involved in residential and commercial property transactions. It is a California-based title insurance specialist with over 21,000 employees and reported a total revenue of $7.6 billion last year, according to Fortune.

In a previous cybersecurity incident in May 2019, First American paid a $1 million penalty for violating New York’s Department of Financial Services’ Cybersecurity Regulation. The breach exposed a vulnerability in the company’s EaglePro application, allowing unauthorized access to title-related documents. The incident led to the unauthorized access of personal and financial data for hundreds of thousands of individuals.

As of now, a spokesperson for First American has not provided further details or comments on the current cyberattack.

This incident follows a similar disclosure from Fidelity National Financial, another U.S. title insurance provider, which reported a “cybersecurity incident” impacting its network last month. Fidelity National Financial took containment measures, including blocking access to certain systems, resulting in disruptions to its businesses. The incident was contained on November 26, with ongoing efforts to restore normal business operations. The company previously revealed that the attackers had acquired certain credentials after accessing some of its systems. Although the company has not officially attributed the attack, the ALPHV/BlackCat ransomware gang claimed responsibility on November 22.