885 Million Consumer Records Exposed by First American Financial

First American Financial Data Leak

What Happened?

As of Friday, May 24th, news broke that First American, the leading title insurance provider for real estate transactions in the U.S., had a security incident that exposed 885 million consumer records. Security researcher Brian Krebs reported that these compromised records contained the personal and financial details of consumers buying or selling property in the U.S. spanning as far back as 2003. Documents that included Social Security numbers, bank account numbers, financial statements, driver’s license images, and mortgage and tax records were readily available for download on the First American web site, meaning that anyone could access them — no login credentials required.

First American Financial has disabled its document hosting site in response to Krebs’ report, but his research showed that these records were publicly available since at least March 2017.

Should You Be Worried?

While it’s not yet known if cybercriminals stole these documents without the company’s knowledge, the types of data exposed could leave millions of consumers vulnerable to identity theft and fraud. If compromised, these records can be used to commit wire fraud, open new lines of credit, apply for government benefits, and much more.

If you’ve bought or sold a home in the past 16 years, it’s likely that First American was involved in processing the transaction. We will keep you informed about any new developments surrounding this security incident.

3 Tips to Stay Protected

  1. Monitor your financial accounts. Keep a close eye on your bank and credit card statements, and if you receive an alert, be sure to investigate for any suspicious activity.
  2. Freeze your credit. By freezing your credit at each of the three credit bureaus you’ll restrict access to your credit report, adding an extra layer of defense against identity thieves.
  3. More tips for data breach victims. Follow these nine tips to help you stay alert to fraud and further safeguard your identity from cyber thieves.

Continue following Fighting Identity Crimes to get the latest breach and scam updates, ID protection news & tips from our industry experts!

Follow us on social!
Facebook | Twitter | LinkedIn 


The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.