Insurer First American left 900 million customer files exposed
Monday, 05 27 2019, Category: Insurance and Reinsurance, Country: United States
A leading US real estate and mortgage insurer, First American Financial Corp., left an enormous trove of digital documents exposed, some of which may have contained Social Security numbers and bank account information.
Nearly 900 million files may have been exposed, some containing Social Security numbers and bank account information.
Bad actors needed only a web address to view the documents, as they were left without password protection or encryption, according to a Friday post from the popular cybersecurity blog Krebs on Security, which is run by journalist Brian Krebs.
The information had been hosted online since at least March 2017, according to the post, and nearly 900 million files may have been exposed, though it is not clear if any were improperly accessed.
Some of the documents included bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and driver's license images, according to the Krebs post.
First American confirmed in a statement to CNN Business Saturday that “On May 24th, First American learned of a design defect in one of its production applications that made possible unauthorized access to customer data.”
“The company took immediate action to address the situation and shut down external access to the application,” the statement reads. “We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”
The company did not confirm how many documents may have been exposed or detail how many customers could have been impacted over what time period.