Cyberattack forces First American to take some IT systems offline

News
By published

First American confirms breach

Cyberattack
(Image credit: Cyberattack)

First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website.

At press time, the official website firstam.com was still offline, while a dedicated notification site - firstamupdate.com - was set up. There is a short notification on the latter, stating “First American has experienced a cybersecurity incident. In response, we have taken certain systems offline and are working to return to normal business operations as soon as possible. Updates will be posted to this page.”

Sadly, no additional information was posted. We reached out to the company’s representatives for more information and will update the article if we hear back from them. Usually, companies would shut down their systems in case of a ransomware attack. If this indeed was a ransomware attack, chances are the attackers also stole sensitive customer and employee information. 

American financial behemoth

First American Financial Corporation is an American financial services company providing title insurance and settlement services to the real estate and mortgage industries. It was founded in 1889, and last year generated $7.6 billion in revenue. Headquartered in California, it has more than 21,000 employees. 

According to a BleepingComputer report, this is not FirstAm’s first foray into cyberincidents. Roughly a month ago, it paid a $1 million penalty to settle violations of New York’s Department of Financial Services’ (DFS) Cybersecurity Regulation, for a data breach that happened in May 2019.

"As the nation's second-largest title insurance company, First American collects the personal and financial data of hundreds of thousands of individuals annually on title-related documents and stores that information in its proprietary EaglePro application," New York's DFS said. "In May 2019, First American senior management learned of a vulnerability in the application whereby any individual in possession of the link used to access EaglePro could access not only their own documents without authentication, but also those of individuals in unrelated transactions."

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Security
American National Insurance Company breach data found online
Red padlock open on electric circuits network dark red background
Newspaper printing across US hit after Lee Enterprises says “cybersecurity event” disrupted operations
Insurance
Globe Life data breach may have affected 850,000 more patients than previously thought
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
Lock on Laptop Screen
United Healthcare data breach may have affected 190 million Americans
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Nimo N172 laptop

This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
See more latest
Most Popular
Nimo N172 laptop
This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Student with headphones around her neck using a phone while sitting in a cafe in front of a laptop
One of the richest men in the world castigates the billions of dollars spent on buying laptops for US classrooms with no apparent improvements
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event