The title unit of Santa Ana-based First American Financial Corp. was accused by a New York regulator of exposing hundreds of millions of documents containing consumers’ sensitive personal information.
These charges are the first to be filed alleging violations of the department’s new cybersecurity regulations, which became effective in 2017. The department said First American Title, the second largest title insurer in the U.S., handled 50,000 title policies in New York in 2019.
The exposed information included consumer bank account numbers, mortgage and tax records, Social Security Numbers, wire transaction receipts, and drivers’ license images.
“First American failed to follow its own policies, neglecting to conduct a security review and a risk assessment of the flawed computer program and the sensitive data associated with the data vulnerability,” the agency said in a statement.
The agency alleged that flaws in First American’s cybersecurity practices have “persisted for years, including months after it was discovered.”
First American disputed the accusations and will contest them, a company statement said.
"Our investigation into the incident, conducted with an outside forensics firm, identified a very limited number of consumers whose non-public personal information likely was accessed without authorization and otherwise found no evidence of misuse of any non-public personal information," First American said.
"None of these identified consumers were New York residents," it added.
After the incident, which occured in May, 2019, First American addressed the issue and offered complimentary credit monitoring services to a group of customers.
A hearing has been set for Oct. 26.
The company is scheduled to report second quarter earnings tomorrow morning.
Shares of First American (NYSE: FAF) today rose 3.4% to $55.72 and a $6.2 billion market cap. The shares have almost doubled since March.