First American Financial Corporation, one of the largest providers of title insurance and settlement services in the US, was hit by a cyberattack that disrupted its online operations and forced it to shut down its IT systems. The attack, which occurred on December 18, 2023, was detected by the company’s security team and reported to the authorities. First American said it was working to restore its services as soon as possible and to protect its customers’ data and privacy.
First American’s Cybersecurity Incident
According to a statement from the company, the cyberattack was a ransomware attack, which involves encrypting the victim’s data and demanding payment for its decryption. The attackers also threatened to leak the data if the ransom was not paid. The company did not disclose the amount of the ransom or whether it paid it.
The attack occurred on Friday, December 18, 2023, at around 10:00 a.m. EST, when the company’s website and online services became inaccessible. The company’s security team quickly identified the attack and isolated the affected systems. The company also notified the Federal Bureau of Investigation (FBI) and other law enforcement agencies, as well as its customers and business partners.
The company said it was conducting a thorough investigation to determine the scope and impact of the attack, and to identify the attackers and their motives. The company also said it was cooperating with the authorities and following the best practices for incident response and recovery.
Impact on First American and the Real Estate Industry
The cyberattack had a significant impact on First American’s business operations and reputation, as well as on the real estate industry as a whole. The company’s website and online services, which include title search, escrow, closing, and post-closing services, were unavailable for several days, affecting thousands of transactions and customers across the country. The company also had to suspend its email and phone communications and rely on alternative methods to communicate with its customers and employees.
The potential consequences for the customers of First American were also serious, as they could face delays, losses, or fraud due to the attack. The customers’ data, which includes personal and financial information, such as names, addresses, social security numbers, bank account numbers, and mortgage details, could be compromised, stolen, or exposed by the attackers. The customers could also be targeted by phishing or scam attempts, using the information obtained from the attack.
The cyberattack on First American was not an isolated incident, but rather part of a growing trend of cyberattacks on the real estate industry. According to a report from the FBI, the number of ransomware attacks on the real estate sector increased by 110% in 2023, compared to 2022. The report also warned that the real estate industry was a lucrative target for cybercriminals, due to the large amounts of money and sensitive data involved in the transactions.
Steps Taken by First American
In response to the cyberattack, First American took several steps to mitigate the damage and to resume its normal business operations. The company said it had activated its business continuity plan, which involved taking its systems offline, backing up its data, and restoring its services from backup servers. The company also said it had hired external cybersecurity experts to assist with the recovery and to enhance its security measures.
The company said it was working diligently to restore its website and online services as soon as possible, and to minimize the inconvenience and disruption for its customers and employees. The company also said it was providing support and guidance to its customers, and offering them free credit monitoring and identity theft protection services for one year.
The company said it was committed to preventing future attacks and to protecting its customers’ data and privacy. The company said it was reviewing and updating its security policies and procedures, and implementing additional safeguards and controls. The company also said it was investing in advanced technology and training to strengthen its cybersecurity posture and resilience.
