Missing name's picture

Leading U.S. title insurer may have exposed millions of client records

First American Financial Corp., one of the largest U.S. title insurers, may have allowed unauthorized access to more than 885 million records related to mortgage deals going back to 2003, according to a security researcher.

The flaw was outlined Friday in an article by Brian Krebs, a cybersecurity expert. Digitized records including “bank-account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and driver’s license images were available without authentication to anyone with a web browser,” he wrote.

In a statement, First American said that it learned of a “design defect in one of its production applications that made possible unauthorized access to customer data” and has shut down external access.

“We are currently evaluating what effect, if any, this had on the security of customer information,” the company said. “We have hired an outside forensic firm to assure us that there has not been any meaningful unauthorized access to our customer data.”

Title insurers such as First American use their records and public documents to verify a seller is a property’s true owner and that it is free from liens. The companies collect a premium at the closing of the purchase and pay costs that may arise if someone disputes the new owner’s right to the property. That work means they regularly handle private information.

Ben Shoval, a real estate developer in Washington state, said he noticed the vulnerability after getting a link from First American earlier this week.

“I clicked on it and it sent me to a document that was for my transaction,” he said in an interview. “But when I looked at the link, I realized that if I just changed one number in it, it would show me other people’s private documents.”

Shoval said he tried notifying First American but received no response. Then he contacted Krebs, who was able to confirm the vulnerability and estimate its scale.

Krebs wrote in his article that he notified First American of the issue. He also noted that he didn’t have any information on whether fraudsters knew about the weakness or if any documents had been mass-harvested.

Earlier on Friday, he suggested that the leak was “truly massive.” The company’s shares fell 2.2% in post-market trading before rebounding.

A spokesman for First American declined to comment on the number of records potentially exposed or how long they were publicly available.

The exposure of the records is the latest in a series of data breaches that have affected hundreds of millions of Americans.

Last year, Marriott International said that a data breach lasting four years compromised the personal information of up to 500 million of its hotel guests. The data included passport numbers, birth dates and potentially credit card information, in addition to contact information such as mailing addresses and email addresses.

In 2017, Equifax shook the financial world when the credit reporting agency said criminals had exploited a flaw in its software to gain access to the Social Security numbers and other personal information of more than 140 million Americans.

This content has been reproduced from its original source.

Share This Article

More Articles


Today's System Isn't Protecting You From Title Theft

"People think there's somebody that's checking your signature. Nobody is checking any of these things. Nobody is looking out for you but you."

— Matthew Cox (Convicted Home Title Thief)

  • County clerk won't call you if someone changes title on your home
  • Homeowners insurance doesn't cover home title theft
  • Credit card or traditional identity protection doesn't cover home title theft

Protect Yourself today, with Home Title Lock.

  • 24/7 monitoring of your Title
  • Instant alerts if we detect tampering with your title or mortgage
  • Access to our team of Title Restoration Experts

How Easily Title Fraud Occurs

EVERYTHING is stored online in the cloud - including your home's title information

  • 1
    Domestic and international thieves scour online records for homes with equity. It could be the home you live in, your vacation home, a home of an elderly relative, or rental property you own.
  • 2
    Once they change your home's ownership from YOU to THEM, they re-file the Quitclaim Deed for your home with the proper authorities so it appears your home has been legally sold.
  • 3
    They take out personal loans through banks and online lenders using all your home's equity. You likely won't know you're a victim until you start receiving late payments or foreclosure notices.
Man with concealed face wearing a dark colored hooded sweater

Click to see if your home's title has been compromised.
Get your FREE TITLE SCAN and COMPREHENSIVE TITLE REPORT(a $100 value FREE with sign up)

Sign Up

Speak to a live agent

(800) 899-6268

Title Fraud is NOT COVERED by

Your Bank

Legal Trust

Homeowners Insurance

Identity Theft Protection

Signing Up Is Easy - Start Your Subscription Today

Title Lock alerts help you detect property fraud before it's too late.
Create your account for only pennies per day.

Sign Up Today

The Leader in Home Title Protection