informa
/
Vulnerabilities/Threats
Quick Hits

First American Financial Corp. Left Mortgage Data Exposed on Website

Real estate title firm reportedly has closed a hole in its website that had left hundreds of millions of real estate tile insurance files accessible without authentication, according to KrebsOnSecurity.

The website of real estate title insurance company First American Financial Corp. left exposed bank account statements, mortgage and tax information, Social Security numbers, wire transaction receipts, and driver's license images, KrebsOnSecurity reported today.

Access to some 885 million mortgage-related files dating back to 2003 did not require authentication — a security hole first spotted by a real estate developer who alerted KrebsOnSecurity about the issue on firstam.com. The exposed website was disabled as of 2 p.m. ET today, according to KrebsOnSecurity.

First American sent this statement to the news site: "First American has learned of a design defect in an application that made possible unauthorized access to customer data. At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers' information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed."

Read more here.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5