The cyberattack that crippled First American Financial‘s systems in late December affected a total of 44,000 individuals, according to filings submitted to regulators on Friday.
In an 8K disclosure submitted to the Securities and Exchange Commission (SEC), the title insurance firm said the company’s investigation of the incident has concluded, although few additional details were provided.
“Based upon our investigation and findings, the Company has determined that personal information pertaining to approximately 44,000 individuals may have been accessed without authorization as a result of the incident,“ First American wrote. “The Company will provide appropriate notifications to potentially affected individuals and offer those individuals credit monitoring and identity protection services at no cost to them.“
HousingWire broke the story on Dec. 21, 2023, that the company had been hit by hackers. It took roughly a week before First American was able to restore systems and contain the threat.
The breach had a material impact on the company’s fourth-quarter operations, resulting in a 15% decrease in revenue compared to the final quarter of 2022.
The attack came less than a month after First American was ordered to pay the New York Department of Financial Services (DFS) $1 million as part of a cybersecurity violation settlement.
First American was the second victim of a major cybersecurity incident in the title insurance space within a month. In late November, Fidelity National Financial was the target of a ransomware attack that took its systems offline for a few days. Ransomware gang AlphV/BlackCat later claimed responsibility for the attack.
Mortgage lenders and servicers Mr. Cooper and loanDepot also suffered large-scale attacks that cost the companies millions of dollars.