Close to 900 million confidential records pertaining to mortgages were accidentally leaked by title insurance company First American Financial Corporation. The leaks have been going on since 2003.
Security experts KrebsOnSecurity say that digital records containing Social Security numbers, wire transaction receipts, driver’s license information, bank account information, mortgage records, and tax records were left unprotected on a website where anyone could access them.
KrebsOnSecurity was first notified of the issue by a real estate developer who couldn’t get a response from First American Financial when he reported the issue.
After being contacted by KrebsOnSecurity, the company issued this statement:
“First American has learned of a design defect in an application that made possible unauthorized access to customer data. At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”
If you’ve sold, purchased, or transferred property using First American as your title agency in the past 16 years, your records may have been exposed.
The kind of data available in this type of record would make it very easy to steal your identity, empty your bank account, or lure you with a phishing scam.
While there’s nothing you can do to prevent third-parties like First American from having lax security practices, you can be vigilant when it comes to responding to suspicious emails, keep a close eye on your bank and credit card statements, and take steps like freezing your credit, so no new accounts can be opened without your permission.