Cyberattack forces First American to take some IT systems offline

First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website.

At press time, the official website firstam.com was still offline, while a dedicated notification site - firstamupdate.com - was set up. There is a short notification on the latter, stating “First American has experienced a cybersecurity incident. In response, we have taken certain systems offline and are working to return to normal business operations as soon as possible. Updates will be posted to this page.”

Sadly, no additional information was posted. We reached out to the company’s representatives for more information and will update the article if we hear back from them. Companies usually shut down their systems in response to a ransomware attack. If this was indeed a ransomware attack, chances are the attackers also stole sensitive customer and employee information.

American financial behemoth

First American Financial Corporation is an American financial services company providing title insurance and settlement services to the real estate and mortgage industries. It was founded in 1889, and last year generated $7.6 billion in revenue. Headquartered in California, it has more than 21,000 employees. 

According to a BleepingComputer report, this is not FirstAm’s first cybersecurity incident. Roughly a month ago, it paid a $1 million penalty to settle violations of the New York Department of Financial Services’ (DFS) Cybersecurity Regulation, over a data breach that happened in May 2019.

"As the nation's second-largest title insurance company, First American collects the personal and financial data of hundreds of thousands of individuals annually on title-related documents and stores that information in its proprietary EaglePro application," New York's DFS said. "In May 2019, First American senior management learned of a vulnerability in the application whereby any individual in possession of the link used to access EaglePro could access not only their own documents without authentication, but also those of individuals in unrelated transactions."

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.