Title insurance and settlement service company First American Financial Corporation had a security vulnerability that was allowing anybody with a web browser to view sensitive records including information such as:
- Bank account numbers & statements
- Mortgage documents
- Tax records
- Social security numbers
- Wire transaction receipts
- Driver license images
The information was accessible if you knew the URL for a valid document on the website and you could view other documents by changing a single digit in the URL to view other documents as well. Krebs On Security who notified First American about the breach after being tipped off by a reader estimates that 885 million files were accessible.
It’s currently unclear if this information was accessed by attackers/fraudsters but this level of incompetence is truly mind boggling. I’ve said it before and I’ll say it again, until the punishments for data breaches are increased they will continue to happen at an alarmingly rate.
Lol I found a similar vulnerability on an insurance agency’s website. Documents were all saved in order so you could look at things that were being saved same day…
i hope you reported it 🙂
Wow. For absolute shame.
A lot of politicians of a certain party have real estate businesses. So you can imagine they don’t let consumer friendly laws pass if it results in them losing money. Title insurance is a lucrative business.
by “certain party” do you mean democrats and republicans? pretty sure both are heavily vested in real estate and investments.
I think he means he doesn’t know what he is talking about…again.
Title Insurance is lucrative in a few highly regulated states like TX and MO. However, generally it’s a low margin business.
FA is one of the largest underwriters and is barely in the fortune 500.