The systems and operations of First American Financial Corporation and several of its subsidiaries appear to have been significantly disrupted by a cyberattack.
First American provides title insurance and settlement services to the real estate and mortgage industries. It’s one of the largest title insurance companies in the United States.
The company revealed on December 21 that it had taken certain systems offline as a result of a “cybersecurity incident”.
In an update shared the next day, the company said email systems had also been taken offline and warned customers to be on the lookout for potentially malicious emails purporting to come from First American, First American Title or FirstAm.com.
The company told the Securities and Exchange Commission (SEC) that it isolated some systems from the internet on December 20 in an effort to contain, remediate and assess the incident.
“The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time,” First American said. “The Company has retained leading experts, is working with law enforcement and notified certain regulatory authorities. During the disruption, the Company’s primary website may be inaccessible or inoperative.”
One week after the breach was discovered, First American’s main website remains offline, and so are the sites of a few subsidiaries.
Several individuals have complained on social media about financial losses indirectly resulting from the downtime, as well as the company’s handling of the incident and communication with customers.
While no information has been shared on the attack itself, the incident has the hallmarks of a ransomware attack. However, no known ransomware group appears to have taken credit for it.