US insurance giant First American confirms it was hit by a ransomware attack

News
By published

First American data stolen and encrypted, company states

Cyberattack
(Image credit: Cyberattack)

First American, one of the largest insurance companies in the United States, has confirmed the cyber-incident it suffered in late December 2023 was indeed a ransomware attack.

As spotted by Cybersecurity Dive, the company filed an updated 8-K form with the Securities and Exchange Commission (SEC) on Friday, December 29, 2023. 

In the filing, the insurance behemoth confirmed suffering a ransomware attack and claimed to be working on addressing it.

Reader Offer: Save up to 68% on Aura identity theft protection

Reader Offer: Save up to 68% on Aura identity theft protection
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal. Save up to 50% today. 

 Preferred partner (What does this mean?) 

View Deal

American financial behemoth

“Though the incident is still under investigation, the Company believes the perpetrator of the activity accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems,” First American said in the filing. “The Company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.”

The initial reports emerged around December 20. Back then, First American reported “unauthorized activity” on some of its IT systems. 

“Upon detection of the unauthorized activity, the Company took steps in an effort to contain, assess and remediate the incident. On December 20, 2023, the Company elected to isolate systems from the Internet,” the filing further explained. “The Company has retained leading experts, worked with law enforcement, and notified certain regulatory authorities.”

Since then, First American believes it has successfully contained the attack and is now in the process of restoring access to its systems and resuming normal business operations.

First American Financial Corporation is a US financial services company that provides title insurance and settlement services to the real estate and mortgage industries. It was founded in 1889, and last year generated $7.6 billion in revenue. Headquartered in California, it has more than 21,000 employees. 

This is not the only time First American has suffered a cyberattack. Roughly a month ago, it paid a $1 million penalty to settle violations of New York’s Department of Financial Services’ (DFS) Cybersecurity Regulation, for a data breach that occurred in May 2019.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Security
American National Insurance Company breach data found online
Ransomware
Lee Enterprises blames cyberattack for encrypting critical systems as US newspaper outages drag on
ransomware avast
Engineering giant ENGlobal confirms hackers hit internal data
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
Red padlock open on electric circuits network dark red background
Newspaper printing across US hit after Lee Enterprises says “cybersecurity event” disrupted operations
Insurance
Globe Life data breach may have affected 850,000 more patients than previously thought
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
More about security
Sam Altman and OpenAI

OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Nintendo Switch 2 Joy-Con up-close from app store

Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
See more latest
Most Popular
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA