According to a recent filing with the Securities and Exchange Commission (SEC), a December 2023 cyberattack against First American Financial Corp. potentially compromised personal information belonging to roughly 44,000 people.
The May 21 filing specifies the figure, stating, “the company has determined that personal information pertaining to approximately 44,000 individuals may have been accessed without authorization as a result of the incident. The company will provide appropriate notifications to potentially affected individuals and offer those individuals credit monitoring and identity protection services at no cost to them.”
First American added that its investigation into the cyberattack has concluded as of the date of the filing.
On Dec. 20, 2023, First American “elected to isolate systems from the internet” after it identified unauthorized activity in its information technology systems, the company told the SEC. The company “retained leading experts, worked with law enforcement and notified certain regulatory authorities” of the incident.
In its Dec. 29 filing with the SEC, First American said it “believes it has contained the incident. The company is in the process of restoring access to its systems and resuming normal business operations.”
Ensuing updates just before New Year’s Day and into early January specified that FirstAm.com had been restored with some limits to functionality. Company leaders also stated that network functions, including the company’s employee email system, had been restored.
A Jan. 12 filing from First American said the cyberattack was expected to have a “material impact” on fourth quarter revenue.
Related stories:
First American reports incident contained, systems online