What to Know
- KrebsOnSecurity reports data from up to 885 million files was exposed by First American Financial, a major title insurance company
- First American tells NBC Bay Area it learned of a security flaw on Friday and immediately took action to address it
- A source told NBC Bay Area there was no evidence any customer data was taken or used without authorization

One of the nation's largest mortgage title insurance companies says customer data was potentially exposed by a computer application's design flaw.
Santa Ana-based First American Financial told NBC Bay Area it learned of the security flaw on Friday, and moved quickly to cut off any unauthorized access to customer data.
The possible data breach was first reported by Brian Krebs of KrebsOnSecurity. Citing industry sources, Krebs claimed the First American website inadvertently leaked or exposed as many as 885 million files, dating back to 2003.
A source with direct knowledge of the incident told NBC Bay Area the data was not "leaked" and that there was no evidence any customer data had been taken or used without authorization.
Late Friday afternoon, First American provided this statement to NBC Bay Area:
On May 24th, First American learned of a design defect in one of its production applications that made possible unauthorized access to customer data. Security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information.
Therefore, the company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We have hired an outside forensic firm to assure us that there has not been any meaningful unauthorized access to our customer data.