First American Financial Corporation [1] [5], a leading title insurance provider in the US, fell victim to a ransomware attack in late December 2023 [6], compromising the personal information of over 44,000 individuals [3].


The cyberattack led to system shutdowns and a 15% decrease in fourth-quarter earnings for the company. Hackers were able to access and encrypt data on specific systems, raising concerns about unauthorized access and potential exfiltration of sensitive information. The type of data stolen has not been disclosed, but the company is taking steps to notify affected customers and provide free credit monitoring and identity protection services. An updated filing revealed that personal information of approximately 44,000 individuals may have been compromised [4], prompting First American to pledge notification to affected individuals and offer credit monitoring and identity protection services at no cost [4] [5]. This incident occurred shortly after the company was fined $10 million for cybersecurity regulation violations related to a data breach in 2019 [5]. While the identity of the threat actors remains unknown [4], ransomware operators typically claim responsibility for attacks and threaten to release stolen data on the dark web [3]. First American Financial is part of a series of cyberattacks targeting real estate and lending companies [1], including Fidelity National Financial and Mr [1]. Cooper [1].


Despite the challenges posed by the cyberattack, the CEO of First American Financial remains optimistic about the company’s long-term prospects. Emphasizing the importance of implementing advanced security measures, the company aims to prevent future data breaches and safeguard sensitive information. Customers are advised to update passwords, enable multi-factor authentication [2], and monitor their social and government information for any signs of unauthorized use. In case of impact by the breach, individuals are encouraged to contact First American for assistance.