An estimated 885 million digitized documents from mortgage deals dating back to 2003 have been exposed by First American Financial Corp., a provider of title insurance and other services to the real estate and mortgage industries, according to a report by the KrebsOnSecurity security news site.
That exposure apparently puts at risk bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver's license images, Krebs reported, all of which could be read without authentication by anyone with a web browser.
"On May 24th, First American learned of a design defect in one of its production applications that made possible unauthorized access to customer data," the company wrote in a statement provided to USA TODAY. "Security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers' information."
The statement added that First American took immediate action to address the situation and shut down external access to the application. "We are currently evaluating what effect, if any, this had on the security of customer information. We have hired an outside forensic firm to assure us that there has been no meaningful unauthorized access to our customer data."
Brian Krebs, the author of the report, wrote that he was contacted by a Washington state real estate developer, Ben Shoval, who told him that he had little luck getting a response from First American about what he found, which was "that a portion of its website (firstam.com) was leaking if not hundreds of millions of records."
The Krebs report says Shoval discovered that "anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link."
Krebs separately confirmed the real estate developer's findings. The respected security researcher, formerly a Washington Post reporter, was recently the first to report another high-profile data exposure when he flagged that hundreds of millions of users had their passwords stored in plain text format that could be searched by more than 20,000 Facebook employees.
The impact of this latest exposure is potentially enormous, given the number of individuals who have been sent a document link via email by First American, Krebs says.
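The pattern the Krebs report describes, a link that serves any record once a digit in it is changed, comes down to a lookup that never checks who is asking. The added example below is not from the article, the report or First American; its record numbers, user names and function names are constructed for illustration, and it places that lookup beside one that ties each emailed link to a logged-in recipient.

```python
import hashlib
import hmac
import secrets

# Constructed records with sequential numbers, standing in for document links.
DOCS = {
    1000001: {"owner": "alice", "body": "closing statement (constructed)"},
    1000002: {"owner": "bob", "body": "wire receipt (constructed)"},
}
LINK_KEY = secrets.token_bytes(32)  # hypothetical server-side secret


def fetch_vulnerable(doc_id):
    """Pattern described in the report: a valid number alone returns the record."""
    doc = DOCS.get(doc_id)
    return doc["body"] if doc else None


def make_link_token(doc_id, recipient):
    """Token placed in an emailed link; binds it to one record and one recipient."""
    msg = f"{doc_id}:{recipient}".encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()


def fetch_hardened(doc_id, token, session_user):
    """Serve a record only to its authenticated owner holding a valid link token."""
    if session_user is None:  # no anonymous reads
        return None
    expected = make_link_token(doc_id, session_user)
    if not hmac.compare_digest(expected.encode(), (token or "").encode()):
        return None  # token was issued for another record or recipient
    doc = DOCS.get(doc_id)
    # Same answer for "missing" and "not yours", so responses do not
    # reveal which record numbers exist.
    if doc is None or doc["owner"] != session_user:
        return None
    return doc["body"]


if __name__ == "__main__":
    link = make_link_token(1000001, "alice")
    print(fetch_vulnerable(1000002))               # neighbouring record is served
    print(fetch_hardened(1000001, link, "alice"))  # owner with her own link
    print(fetch_hardened(1000002, link, "alice"))  # changed digit: None
```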
"The exposure suffered by First American underscores the need for a comprehensive approach to securing systems and networks, especially areas that house sensitive information," says Bob Rudis, chief data scientist at the Rapid7 Labs security company.
"Firewalls, anti-malware solutions, and other security-specific controls are not sufficient to reduce unwanted exposure," says Rudis.
Tyler Owen, director of solution engineering at another security firm, CipherCloud, says First American is guilty of gross negligence. "I believe that everyone in the information security industry is becoming quite numb to these types of disclosures as they seem to be happening almost weekly. No matter the bad press and potential negative impacts to a company, organizations are not placing enough emphasis on data security and secure processes."
For his part, Rudis says the real victims are the consumers whose data has been exposed. Unfortunately they have "little recourse," he says.
"We have no information on who might have accessed this over time and further have no real information on any misuse of this data as a result of the temporal exposure," Rudis says.
He advises consumers to monitor their credit reports regularly, put them free of charge on all credit applications immediately, and use the tools provided by their financial organizations to ensure that no activity is occurring without their knowledge. American has to say about the matter.
First American Financial is a financial services company that provides title insurance, homeowners insurance, home warranties, such as for appliances, and various closing and other services for lenders. The company, with nearly $6 billion in revenue and 19,000 employees, is the nation's largest provider of title insurance, which covers a homeowner in the event of claims that challenge the validity of the property's ownership.
Email: firstname.lastname@example.org; Follow @edbaig on Twitter
Contributing: Paul Davidson
Read or Share this story: https://www.usatoday.com/story/tech/2019/05/24/first-american-financial-may-have-exposed-personal-data-in-mortgages/1228113001/