Posts

First American Financial Exposes 885 Million Mortgage Documents

Approximately 885 million digital documents have been exposed from mortgage deals that date back to 2003. First American Financial Corp is a provider of title insurance, as well as other services for the mortgage and real estate industries, and it allowed millions of records to be exposed according to one report.

The exposure is likely to put a variety of bank account statements and account numbers at risk, as well as Social Security numbers, tax records, wire transaction receipts, mortgage records, and driver’s license images. All of this information could be read through a web browser without getting authentication from anyone.

First American Financial Corp learned on May 24 of a design defect in one of its production applications that made unauthorized access to its customer data possible. This information was provided to USA TODAY by the company in a written statement. It also said that privacy, security, and confidentiality are the top priorities for the company, and it is committed to protecting the information of its customers.

The statement added that First American Financial Corp took immediate action to address the situation and shut down external access to the application. It is currently evaluating what effect, if any, the situation had on the security of customer information. It also mentions that it hired an outside, unbiased forensic firm to ensure that there has been no meaningful unauthorized access to its customer data.

Brian Krebs wrote the report and says that he was contacted by Ben Shoval, a Washington state real estate professional, who said that he’d had no luck getting any response from the company about what he had found: portions of its website had leaked hundreds of millions of customer records.

The initial report by Krebs said Shoval learned that anyone who knew the URL for any valid document on the website could also view other documents just by modifying one or two digits in the link. Krebs then chose to confirm Shoval’s findings. Krebs used to be a reporter for the Washington Post and was the first to report on another high-profile data breach, having determined that millions and millions of Facebook users had account passwords stored in plain-text format, which could be searched by over 20,000 Facebook employees.
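The flaw described above, where editing digits in a document link returned someone else's records, can be contrasted with a link that is cryptographically bound to its recipient. The following is an added example, not code from First American or from the Krebs report; the key, record store, parameter names (`doc`, `rcpt`, `exp`, `sig`) and function names are all hypothetical.

```python
import hashlib
import hmac
import time

LINK_KEY = b"constructed-demo-key"  # assumption: per-deployment secret kept server-side

# Constructed sample records keyed by sequential ID, as in the reported flaw.
STORE = {
    1000: {"owner": "alice@example.test", "body": "closing statement A"},
    1001: {"owner": "bob@example.test", "body": "wire receipt B"},
}

def _tag(doc_id, recipient, expires):
    """HMAC-SHA256 binding the document ID to one recipient and an expiry."""
    msg = f"{doc_id}|{recipient}|{expires}".encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()

def make_link(doc_id, recipient, ttl=86400, now=None):
    """Build the query parameters for a link e-mailed to `recipient`."""
    expires = int(time.time() if now is None else now) + ttl
    return {"doc": doc_id, "rcpt": recipient, "exp": expires,
            "sig": _tag(doc_id, recipient, expires)}

def fetch_vulnerable(params):
    """The reported behaviour: any valid ID returns the document."""
    return STORE.get(int(params["doc"]))

def fetch_hardened(params, now=None):
    """Return the document only for an untampered, unexpired, owner-bound link."""
    now = int(time.time() if now is None else now)
    try:
        doc_id, exp = int(params["doc"]), int(params["exp"])
        rcpt, sig = str(params["rcpt"]), str(params["sig"])
    except (KeyError, ValueError, TypeError):
        return None  # malformed request
    expected = _tag(doc_id, rcpt, exp)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None  # ID, recipient or expiry was edited after issuance
    if now > exp:
        return None  # link expired
    doc = STORE.get(doc_id)
    if doc is None or doc["owner"] != rcpt:
        return None  # object-level check: link holder must own the record
    return doc
```

A signed link limits what a leaked or guessed URL can reach; for records this sensitive it would normally sit behind an authenticated session as well, with every denied request logged.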

Regardless of past reports, Krebs claims that this exposure issue is one of the worst he has seen because there are just so many individuals involved. Anyone who has ever gotten a document link from First American Financial Corp via email is likely to be a victim in this breach.

The chief data scientist from Rapid7 Labs, Bob Rudis, claims that this exposure is severe for First American, but it also highlights the need for a more comprehensive approach to securing the network and systems, especially for areas that house highly sensitive information.

He also says that anti-malware products, firewalls, and other security controls aren’t enough to reduce that unwanted exposure. Organizations need to think like a cyber-attacker to help them identify any areas of weakness before cybercriminals do it themselves.

The Director of Solution Engineering at CipherCloud, Tyler Owen, says that there has been gross negligence by First American Financial Corp. He believes that everyone in the info security industry has become numb to these breaches and disclosures because they happen more and more frequently (about once a week). Regardless of the negative impacts and bad press for the company, organizations just aren’t putting enough emphasis on secure processes and data security.

The victims here are primarily the people who have had their data exposed because they have little to no recourse available to them.

The problem is that there is no information about who accessed the files over time, and no one has any concrete information about the misuse of the data because of the temporal exposure. It’s almost impossible to determine who leaked the information, who had access to it, who accessed it, and what they did with that ill-gotten information. If it were to, say, end up being sold on the dark web market, it might generate a lead, but nothing has surfaced so far.

If you believe you were part of the data breach, you should monitor your credit report and look for signs that someone has used your credit card without your permission. You can also freeze your credit report so that no new credit applications can be opened. Your financial organization is likely to have tools available to help you; utilize those tools to ensure that there is no activity on your accounts without your knowledge. It’s also helpful to listen for whatever information First American provides about the matter. That way, you’re well aware of something going amiss and can talk to the right people to seek restitution.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Financial Preparedness in a Disaster

You have probably heard that it’s important to be prepared for a disaster. You might have a first aid kit set aside, food and water, or a battery-operated radio. But, are you financially prepared?

Creating an Emergency Fund

It might be tough, but try to set aside some money a little at a time. Even if you can put $10 a week in an envelope, it’s better than nothing. Saving change can really add up quickly, too. Keeping a credit card available is also a good idea, but remember: in a disaster situation, it might be very difficult to use a credit card. Here are a few more ways to save some cash in the event of a disaster:

  • Limit or Quit Habits – If you smoke, drink fancy lattes, or even love your extravagant dinners, consider limiting them or even quitting them. Let’s say the latte you get every day before work is $6 once you pay for the tip. If you stop doing that, or even make them at home, you could save $1000 to $2000 or more over the course of a year.
  • Pay Bills When They are Due – You might not even realize it but paying your bills on time can also help you save money. Each late fee adds up, and so does interest. Most major lenders and utility companies allow you to schedule payments in advance, so if you are sure to have money in the bank, this is a great idea.
  • Get a New Gig – Finally, think of things that you can do to earn more money. Do you have a hobby you like, such as woodworking or knitting, that you could do for profit? Do you write? There are easy to find writing jobs online, too. If you have a skill like that, or something similar, consider looking at freelance sites like Fiverr. Can you cook? Bake and sell your creations to family and friends. All of these things can bring extra cash in; cash that you can use in the case of a disaster.

There is not a solution here that will work for every family, but you should be able to think of some way to help you put away a little money. You also might be able to do two or three things. Some people believe we are close to some type of world disaster, like, I dunno, our government is talking about building short range nukes again. GREAT IDEA! So you might want to be ready just in case.
