Breach Brief – First American
No matter how many times you hear about these monstrously gigantic data breaches it seems there is alway one company that just does not get it. This time it is mortgage provider First American.
According to Krebs on Security, real estate and title insurance company First American left exposed nearly 900 million sensitive customer financial records, dating back to 2003, on its website for anyone to access.
Krebs reported the unprotected records included customer Social Security numbers, driver’s license images, bank account numbers and statements, mortgage and tax documents, and wire transaction receipts. So what more could an identity thief ask for?
Krebs notified First American of the situation and the website was quickly taken down. There is no evidence that the information found its way into the wrong hands. But that is stil no guarantee it didn’t.
In a statement First American said; “First American has learned of a design defect in an application that made possible unauthorized access to customer data. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”
For more information go to First American’s Incident Update webpage.