First American Responds to Information Security Incident

May 28, 2019

First American Financial reported there is no preliminary indication of large-scale unauthorized access to customer information after it shut down external access to a production environment with a reported design defect that created the potential for unauthorized access to customer data.

In a filing with the Securities and Exchange Commission, First American reported it is “working diligently to address the defect and restore external access” and the company has hired a forensic firm to help assess the extent to which any customer information may have been compromised.

“We deeply regret the concern this defect has caused,” said Dennis J. Gilmore, chief executive officer at First American Financial. “We are thoroughly investigating this matter and are fully committed to protecting the security, privacy and confidentiality of the information entrusted to us by our customers.”

While the “investigation is in its early stages, at this time there is no indication that any large-scale unauthorized access to sensitive customer information occurred,” according to First American.

First American plans to provide updates on its investigation exclusively on its website. If the investigation shows that any confidential information has been compromised, the company will notify and provide credit monitoring services to the affected consumers. First American will soon provide a mechanism through its website that will give consumers who believe their confidential information has been compromised the ability to report this to the company.

On May 24, the company learned about the design defect in one of its production applications that made possible unauthorized access to customer data.

"At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information,” First American said in a statement. “The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information.”


Contact ALTA at 202-296-3671 or communications@alta.org.

130606