The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.

The nation’s second biggest title insurer, First American Financial Corp., is the latest victim of a wave of cybersecurity attacks that has disrupted computer networks at more than 1,000 businesses and government entities.

In a terse announcement just after noon Eastern time Thursday, First American said it had “experienced a cybersecurity incident,” had “temporarily taken certain systems offline and is working to return to normal business operations as soon as possible.”

The company said it will provide updates at FirstAmUpdate.com as they become available.

The second biggest of the “big four” title insurers, First American also provides settlement services, data products, valuation services, mortgage subservicing, and banking and wealth management services.

The nation’s largest title insurer, Fidelity National Financial (FNF), discovered on Nov. 19 that an unauthorized third party had accessed some of its systems and acquired credentials and data. FNF said the incident was contained on Nov. 26 and has not commented on reports that the company was the target of a ransomware attack exploiting a software vulnerability in Netscaler, Citrix Bleed.

Loan servicing giant Mr. Cooper was forced to shut down its systems for four days at the beginning of November after uncovering a security breach that the company now says may have compromised the personal information of nearly 15 million past and present customers.

The compromised information included Social Security numbers, dates of birth and bank account numbers, and Mr. Cooper is offering those who might have been affected two years of free identity protection services and credit monitoring by TransUnion.

A ransomware group known as Blackcat, ALPHV or Noberus, has infiltrated the computer networks of more than 1,000 victims, “including networks that support U.S. critical infrastructure,” the Department of Justice and FBI said in an announcement this week.

A decryption tool developed by the FBI is being used by “dozens of victims in the United States and internationally,” and has so far saved “multiple victims from ransom demands totaling approximately $68 million,” the Justice Department said.

In a Dec. 19 advisory, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) detailed steps companies should take to beef up their protections against ransomware attacks.

Settlements reached in 2019 incident

Last month, First American agreed to pay $1 million to the New York State Department of Financial Services to settle allegations that subsidiary First American Title Insurance Company failed to protect clients’ personal information in a proprietary document sharing solution, EaglePro.

According to a Nov. 27 consent order First American entered into with New York regulators, a cybersecurity journalist warned the company in May 2019 that a design fault in EaglePro had left 885 million documents dating back as far as 2003 exposed to the public.

After further investigation, regulators determined that First American’s Cyber Defense Team had discovered the issue in December 2018, and recommended that it be fixed “as soon as possible” in a January 2019 report.

But the report didn’t make its way to senior executives, and First American did not fix the problem or inform the public until the last week in May 2019, the Securities and Exchange Commission alleged in a 2021 settlement agreement. First American agreed to pay a $487,616 civil penalty to the SEC without admitting or denying the allegations.

Editor’s note: This story has been updated to include details about settlements reached by First American to settle allegations that a design flaw in its EaglePro solution exposed clients’ personal information.

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter

Show Comments Hide Comments
Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Success!
Thank you for subscribing to Morning Headlines.
Back to top
Only 3 days left to register for Inman Connect Las Vegas before prices go up! Don't miss the premier event for real estate pros.Register Now ×
Limited Time Offer: Get 1 year of Inman Select for $199SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription
×