Hundreds of millions of documents and personally identifiable information related to mortgage deals from First American Financial Corp. were leaked online due to a website vulnerability going back possibly to 2003.
According to a report by KrebsOnSecurity, digitized records including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images were available – without authentication – to anyone with access to a web browser. Although First American has yet to disclose the total number of records exposed to the vulnerability, an analysis of identification markers suggests that the number may be as high as 885 million. If you are interested, the Krebs article linked above provides more information regarding the breach.
First American Financial Corp.’s website has stated that an outside forensic firm has been retained to aid in assessing the extent to which any customer information may have been compromised. Though the ongoing investigation is in its early stages, at this time there is no indication that any large-scale unauthorized access to sensitive customer information occurred. The company plans to provide updates on its investigation exclusively on its website at https://www.firstam.com/incidentupdate.
The EEFCU encourages our members who have used First American Financial Corp. to continue to monitor the incident link provided by First American Financial Corp. for updates and instructions as well as monitoring your credit for anything out of the ordinary.