First American Financial Corp., one of the largest U.S. title insurers, may have allowed unauthorized access to more than 885 million records related to mortgage deals going back to 2003. Digitized records including “bank-account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images were available without authentication to anyone with a web browser,” according to Brian Krebs, who broke the story on Friday, May 24.
Whether this access was exploited and how long it was
Commentary: First American’s history stretches back over 100 years and today has over five billion dollars in annual revenue and over 18,000 employees. You would think that a company of this size and history, and handling the volume of sensitive information that it does, would have robust security controls. And yet here we are. Yet another reminder that no company is immune to cyber attacks or critical cyber vulnerabilities, no matter how large with supposedly the budget and sophistication to deal with these threats, or how small without either.