Wednesday , October 16 2019

First American may have exposed millions of client records: Research

Bloomberg

First American Financial Corp., one of the largest US title insurers, may have allowed unauthorised access to more than 885 million records related to mortgage deals going back to 2003, according to a security researcher.
The flaw was outlined in an article by Brian Krebs, a cybersecurity expert. Digitised records including “bank-account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and driver’s license images were available without authentication to anyone with a web browser,” he wrote.
In a statement, First American said that it learned of a “design defect in one of its production applications that made possible unauthorised access to customer data” and has shut down
external access.
“We are currently evaluating what effect, if any, this had on the security of customer information,” the com-pany said.
“We have hired an outside forensic firm to assure us that there has not been any meaningful unauthorised access to our customer data.”
Title insurers like First American use their records and public documents to verify a seller is a property’s true owner and that it is free from liens. The companies collect a premium at the closing of the purchase and pay costs that may arise if someone disputes the new owner’s right to the property. That work means they regularly handle private information.
Ben Shoval, a real estate developer in Washington state, said he noticed the vulnerability after getting a link from First American earlier this week.
“I clicked on it and it sent me to a document that was for my transaction,” he said in an interview.
“But when I looked at the link, I realised that if I just changed on number in it, it would show me other people’s private documents.”
Shoval said he tried notifying First American but received no response. Then, he contacted Krebs, who was able to confirm the vulnerability and estimate its scale.

About Admin

Check Also

SoftBank taps Houlihan for WeWork

Bloomberg SoftBank Group Corp has tapped investment bankers at Houlihan Lokey to explore options for ...

Leave a Reply

Your email address will not be published. Required fields are marked *