Security Gap Leaves 885 Million Mortgage Documents Exposed

  Back to News

First American Financial Corporation, a provider of title insurance, said Friday that it had fixed a vulnerability in its website that exposed 885 million records related to mortgage deals going back 16 years.

The vulnerability would have allowed anyone to gain access to Social Security numbers, bank account details, drivers license and mortgage and tax records.

The security failure was first reported by Brian Krebs, the cybersecurity writer who last year reported a flaw in the way Facebook was storing hundreds of millions of user passwords.

First American, based in Santa Ana, Calif., said in a statement Friday afternoon that it addressed the security gap after it was notified by Mr. Krebs. “We are currently evaluating what effect, if any, this had on the security of customer information,” the company’s statement said. “We will have no further comment until our internal review is completed.”

The incident was the latest example of an under-the-radar company that retained enormous amounts of sensitive personal and financial data but was not effectively protecting that information.

In 2017, Equifax, one of the three major consumer credit reporting agencies, said the information for more than 145 million consumers — including Social Security numbers — was stolen.

Two years before that, the network of the Office of Personnel Management, which houses sensitive data like the fingerprints and medical histories of United States government employees, was also breached.

Organizations have paid little price for their security mishaps.

Last year, a study found that credit agencies actually profited after the Equifax breach, by charging fees to customers who subsequently chose to freeze their credit. The study, from Wakefield Research, found that $10 freezing fees had added up to about $1.4 billion in revenue for the credit agencies, including Equifax.

But that liability has started to shift. On Wednesday, Moody’s, the ratings agency, cut its outlook on Equifax, the first time a company has been downgraded because of a cybersecurity incident. The move is a signal to companies that losing customers’ data may lead to real costs.

Equifax said this month that it had spent $1.35 billion so far responding to its breach, including $690 million that it recently earmarked to cover some of its anticipated legal settlements.

Thieves are constantly scanning the internet for weaknesses that can be exploited for access to personal data, or financial records, that can be used for identity theft and financial fraud.

First American’s shares fell 2 percent on Friday in after-hours trading.

In a presentation to investors in 2015, Dennis Gilmore, First American’s chief executive, was asked about cybersecurity.

“We take it very, very serious and first of all, we structure our databases and our operating systems,” Mr. Gilmore said. “It’s an issue that we continue to spend a lot of time on both operating at the board level and at the committee level, something we take very serious and we watch very, very closely.”

Mr. Krebs said he learned of the vulnerability in First American’s website after getting tipped off by Ben Shoval, a real estate developer in Washington State. Mr. Shoval contacted Mr. Krebs, who maintains a well-respected security news site, after getting little response from the company.

Mr. Krebs notified First American and waited for the company to fix the flaw before publicizing it.

All that was needed to exploit the vulnerability was tweaking a single digit in the address of a file reached through the site. No password or other login credentials were required. Most of the 885 million exposed files were wire transactions with bank account numbers, data that First American collects because it is a widely used seller of real estate title insurance.

“This is the kind of weakness that should have been found in a basic security assessment of the company’s website,” Mr. Krebs said.

This content has been reproduced from its original source.

SHARE:

  BACK

How Title Fraud Works

Thieves simply change ownership of your home from YOU to THEM. Then they TAKE OUT LOANS on your home and just disappear - leaving YOU with the payments and a mountain of legal bills.

Click to see if your home's title has been compromised.
Get your FREE TITLE SCAN and COMPREHENSIVE TITLE REPORT (a $100 value FREE with sign up)

SIGN UP TODAY

Speak to a live agent
(800) 899-6268

100% Money Back Guarantee Within First 60 Days


Home Title Lock

Property ownership is not just the American dream, it's also the most flexible financial tool to build family prosperity. Home Title Lock ensures that your assets are protected against Title Fraud and Title Thieves.

Find Out More


You Need Home Title Lock to Protect Your Property

Thirty years ago we started creating the largest database of property records in the United States. Today, that database has 6.1 billion property records. We protect your property value and ownership from on-line threats both foreign and domestic.

GET PROTECTED

Speak to a live agent
(800) 899-6268


Watch This Now

SIGN UP TODAY

How Easily Title Fraud Occurs

EVERYTHING is stored online in the cloud - including your home's title

1

Domestic and international thieves scour online records for homes with equity. It could be the home you live in, your vacation home, a home of an elderly relative, or rental property you own.


2

Once they change your home's ownership from YOU to THEM, they re-file the Quitclaim Deed for your home with the proper authorities so it appears your home has been legally sold.


3

They take out personal loans through banks and online lenders using all your home's equity. You likely won't know you're a victim until you start receiving late payments or foreclosure notices.

Click to see if your home's title has been compromised.
Get your FREE TITLE SCAN and COMPREHENSIVE TITLE REPORT (a $100 value FREE with sign up)

FREE 30-Day Trial

Speak to a live agent
(800) 899-6268

ACCORDING TO THE FBI:
Title and Mortgage Fraud are the fastest growing white collar crimes in America.

Everything is stored online these days - including your home's title. Domestic and international cyber-thieves target U.S. homeowners equity in their homes. Removing you from your home's title takes just minutes. Then they forge their name on the title document and refile it. Next, they take out loans using your home's equity and stick you with the payments. You likely won't know until you get a late payment or foreclosure notice from several banks.

Get your FREE TITLE SCAN and COMPREHENSIVE TITLE REPORT (a $100 value FREE with sign up)

FREE 30-Day Trial  

Title Fraud is NOT COVERED by

Your Bank

Legal Trust

Homeowners Insurance

Identity Theft Protection

You Need Home Title Lock to Protect Your Property

GET PROTECTED
Sign Up  

Activate Title Lock alerts and secure your property from fraudulent title filings