An estimated 885 million digitized documents from mortgage packages dating back to 2003 have been exposed by First American Financial Corp, a title insurance and other real estate and mortgage services provider, according to a report from the KrebsOnSecurity Security News.
This exposure apparently suggests risk account numbers and information, mortgage and tax information, Social Security numbers, receipt receipts, and driver card pictures, Krebs reported, all of which could be read without the authentication of anyone with a web browser.
"On May 24, First American learned a design flaw in one of the production programs that enabled unauthorized access to customer data, the company wrote in a statement issued to the United States today." Security, privacy, and confidentiality are top priorities and we are committed to protect our customers' information. "
The statement added that First American" took immediate action to resolve the situation and terminate remote access to the application. currently considering what impact it has on customer safety. We have hired an outside forensic firm to make sure that there has been no meaningful unauthorized access to our customer data. »
Brian Krebs, who was the author of the report, wrote that he was contacted by a Washington State real estate developer, Ben Shoval, who told him he had little luck getting an answer from First American about what he found, which was "that part of their website (firstam.com) leaked tens if not hundreds of millions of records."
The Krebs report says Shoval discovered that "anyone who knew the URL of a valid document on the site could see o Then documents just by changing a single digit in the link. "
Krebs separately confirmed the property developer's findings. The respected security researcher, formerly a Washington Post reporter, was recently the first to report another high profile data break when he flagged that hundreds of millions of Facebook users had their account passwords stored in plain text format that could be searched by more than 20,000 Facebook employees.
The effect of this recent exposure is potentially enormous, given the large volume of individuals who have ever been sent a document link via email by First American, says Krebs.
"The Exposure Led by First American emphasizes the need for a holistic approach to securing systems and networks, especially areas containing sensitive information," said Bob Rudis, chief data scientist at Rapid7 Lab's security company.
"Firewalls, anti-malware solutions and other safety-specific controls are not sufficient to reduce unwanted exposure, "says Rudis. He adds that organizations should" think like an attacker "so they can identify areas of weakness before others do."
Tyler Owen, Director of Solutions Engineer at Another security firm, CipherCloud, says First American is guilty of gross negligence. Believe that everyone in the information security industry gets pretty numb by these types of disclosures as they seem to happen almost weekly. Regardless of poor pressure and potential negative consequences for a company, organizations still do not place enough emphasis on data security and secure processes. "
For his part, Rudis says that the real victims are the consumers who have been exposed to data." "Unfortunately, we have no" small recruitment "," he says.
"We have no information about who has had access to this over time, nor have any real information about the misuse of this data due to the temporal exposure" Rudis says.
He recommends consumers to regularly monitor the credit report and put all new credit applications on hold immediately, and use the tools of your financial organizations to ensure that no activity occurs without your knowledge. And listen to anything First of all Americans have to say about the matter.
First American Financial is a financial company that offers title insurance, home insurance, home guarantee, such as appliances, a variety of closing and other services for lenders. The company, with nearly $ 6 billion in revenue and 19,000 employees, is the country's largest provider of title insurance, covering a house in case of claims that challenge the validity of property ownership.
Email: email@example.com; Follow @edbaig on Twitter
Contributor: Paul Davidson
Read or Share this story: https://www.usatoday.com/story/tech/2019/05/24/first-american-financial-may-have -exposed-personal-data-in-home loan / 1228113001 /