SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    NY Charges First American Financial for Massive Data Leak
Date    Monday August 03 2020, @10:18AM
Author    Fnord666
Topic   
from the fitting-punishment-or-cost-of-doing-business? dept.
https://soylentnews.org/article.pl?sid=20/08/03/0024209

upstart writes in with an IRC submission:

NY Charges First American Financial for Massive Data Leak:

Santa Ana, Calif.-based First American [NYSE:FAF] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019.

As first reported here last year, First American's website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images.

The documents were available without authentication to anyone with a Web browser.

According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years.

Worse still, the DFS found, the vulnerability was discovered in a penetration test First American conducted on its own in December 2018.

"Remarkably, Respondent instead allowed unfettered access to the personal and financial data of millions of its customers for six more months until the breach and its serious ramifications were widely publicized by a nationally recognized cybersecurity industry journalist," the DFS explained in a statement on the charges.

[...] The records exposed by First American would have been a virtual gold mine for phishers and scammers involved in so-called Business Email Compromise (BEC) scams, which often impersonate real estate agents, closing agencies, title and escrow firms in a bid to trick property buyers into wiring funds to fraudsters. According to the FBI, BEC scams are the most costly form of cybercrime today.

First American's stock price fell more than 6 percent the day after news of their data leak was published here. In the days that followed, the DFS and U.S. Securities and Exchange Commission each announced they were investigating the company.

Original Submission

Links
  1. "upstart" - https://soylentnews.org/~upstart/
  2. "NY Charges First American Financial for Massive Data Leak" - https://krebsonsecurity.com/2020/07/ny-charges-first-american-financial-for-massive-data-leak/
  3. "First American" - https://en.wikipedia.org/wiki/First_American_Corporation
  4. "NYSE:FAF" - https://www.marketbeat.com/stocks/NYSE/FAF/
  5. "$6.2 billion in 2019" - http://investors.firstam.com/investors/overview/default.aspx
  6. "first reported here last year" - https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/
  7. "a filing" - https://www.dfs.ny.gov/system/files/documents/2020/07/ea20200721_first_american_notice_charges.pdf
  8. "a statement" - https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202007221
  9. "trick property buyers into wiring funds to fraudsters" - https://krebsonsecurity.com/2017/04/blind-trust-in-email-could-cost-you-your-home/
  10. "U.S. Securities and Exchange Commission" - https://krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/
  11. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=42441
© Copyright 2023 - SoylentNews, All Rights Reserved

printed from SoylentNews, NY Charges First American Financial for Massive Data Leak on 2023-07-17 22:51:17