Newsroom

May 29, 2019

Millions of mortgage records leaked due to website flaw

Data securityHundreds of millions of documents and personally identifiable information related to mortgage deals from First American Financial Corp. were leaked online due to a website vulnerability.

According to a report by KrebsOnSecurity, digitized records including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver's license images were available – without authentication – to anyone with access to a web browser. records, Social Security numbers, wire transaction receipts, and driver's license images were available – without authentication – to anyone with access to a web browser.

Although First American has yet to disclose the total number of records exposed to the vulnerability, an analysis of identification markers suggests that the number may be as high as 885 million.

The California-based Fortune 500 real estate title insurance firm would not comment on the total number of records that were potentially revealed or the length of the exposure, but shared that unauthorized access to the data was due to an application design defect.

KrebsOnSecurity adds that there is no information on whether bad actors were aware of the exposure or if the documents were mass-harvested.

NAFCU – a leader in calling for a national data security standard – has advocated for safeguards to ensure negligent entities are held accountable for data exposures, consumers have control over their data and are notified of breaches in a timely manner. The association believes that all entities – not just financial institutions – that handle consumer information must comply with comprehensive federal data protection standards.

The association has long been active with lawmakers on the issue of data security and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system.