Brief analysis
- First American Financial revealed hackers accessed and encrypted non-production data in a December 20 cyberattack, per an amended SEC filing. The company has contained the incident.
- First American is currently restoring systems access and resuming operations following the attack. Its First American Trust banking unit is back online after the December incident, and employee email was restored this week.
- The country’s second-largest title insurance company continues probing the breach. It remains uncertain whether the attack will significantly impact financial condition or performance, although it’s been contained.
Detailed Perspective
The recent disclosures are expected to spark inquiries into the company’s risk management practices and revive concerns about the broader title insurance sector’s security.
Fitch Ratings, in a statement on December 26th, acknowledged its monitoring of the cyberattack on First American. However, they indicated that unless there are prolonged business constraints or if the investigation uncovers extensive governance or risk management deficiencies, immediate rating impacts are improbable.
Gerry Glombicki, a senior director at Fitch Ratings, suggested that the attack’s impact might be somewhat contained due to the disruptions occurring during the Christmas holiday. Nevertheless, he cautioned that some year-end commercial closings could face risks.
First American successfully restored access to vital systems on Thursday and Friday, which include the ACI appraisal system, the AgentNet platform for title agents, and the Prism marketing and automation toolkit.
Last month, First American settled for $1 million with the New York Department of Financial Services following a significant 2019 data breach that exposed millions of customer records.
A spokesperson from the NY DFS mentioned close monitoring of the situation on Thursday, issuing an industry-wide alert about the potential threat of fraudulent emails targeting customers. Earlier, the company had cautioned customers about potential phishing attempts.
The recent attack on First American occurred shortly after Fidelity National Financial, the nation’s largest title insurance company, experienced a suspected ransomware attack in November.
The AlphV/BlackCat organization, known for high-profile attacks against MGM Resorts, Caesars Entertainment, and others, claimed responsibility for the Fidelity attack, resulting in stolen credentials.
While Fidelity National Financial confirmed its insurance coverage, they are yet to determine if the attack will be deemed significant.