Newsroom
Millions of mortgage records leaked due to website flaw
Hundreds of millions of documents and personally identifiable information related to mortgage deals from First American Financial Corp. were leaked online due to a website vulnerability.
According to a report by KrebsOnSecurity, digitized records including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver's license images were available – without authentication – to anyone with access to a web browser. records, Social Security numbers, wire transaction receipts, and driver's license images were available – without authentication – to anyone with access to a web browser.
Although First American has yet to disclose the total number of records exposed to the vulnerability, an analysis of identification markers suggests that the number may be as high as 885 million.
The California-based Fortune 500 real estate title insurance firm would not comment on the total number of records that were potentially revealed or the length of the exposure, but shared that unauthorized access to the data was due to an application design defect.
KrebsOnSecurity adds that there is no information on whether bad actors were aware of the exposure or if the documents were mass-harvested.
NAFCU – a leader in calling for a national data security standard – has advocated for safeguards to ensure negligent entities are held accountable for data exposures, consumers have control over their data and are notified of breaches in a timely manner. The association believes that all entities – not just financial institutions – that handle consumer information must comply with comprehensive federal data protection standards.
The association has long been active with lawmakers on the issue of data security and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system.
Share This
Related Resources
CPRA Resource Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
CCPA 2.0: The California Privacy Rights Act
Privacy , Privacy
Blog Post
We Don’t Need No Stinkin’ Warrant: RFPA Exceptions
Privacy , Privacy
Blog Post
Get daily updates.
Subscribe to NAFCU today.