First American Financial Corp. Data Breach, 3 Steps to Take Now

If you have closed any real estate loan since 2003, you have over a 25% chance you were impacted.  First American, the second largest title insurance company in the United States handling over 26% of all closings, announced a data breach that exceeds anything we have ever seen and is far more dangerous than any prior breaches.  What happened?  Why is this data breach worse than others?  What should you do?


What happened:

First American Financial Corp., one of the largest U.S. title insurers, may have allowed unauthorized access to more than 885 million records related to mortgage deals going back to 2003, according to a security researcher.  This includes disclosure of bank-account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and driver’s license images were available without authentication to anyone with a web browser.  This was a design defect in their program.

If you’ve ever gotten a title commitment from First American the title commitment typically contains a link to more information online, a hacker found out that all you need to do is change the last digits and you can access someone else’s information.  This design flaw has been in place since 2003.

Why is First American Financial Corp. Data Breach Worse?

Past data breaches typically exposed Social Security numbers and/or credit card information.  First American’s data breach is considerably worse as not only Social Security numbers were exposed but copies of driver’s licenses as well as full bank account info.  This additional information makes it considerably easier for someone to open accounts and also access funds in your bank.


Were You Impacted?

If you have closed any transaction with First American since 2003, you could be impacted.  I was impacted.  I closed a refinance on my house in 2005 with them which means my data could have been exposed.  Initial estimates are that 885 million records could have been exposed.

What should you do now?

  1. Lock down your accounts: This is a simple process.  For all your bank, credit card, and other sensitive accounts enable Dual Authentication. This is imperative both for your personal and business accounts. What does this mean?  When I log into my bank account, I put in my username and password, it then sends a text message to my cell phone with a random code that is valid for 5 minutes.  I have to input this code to “authenticate” my account and finish the login process.  Essentially it puts in one additional layer of protection to help thwart a hijacking of your account.  This service is free on the vast majority of banks, credit unions, etc… If you bank does not have this technology switch your accounts now!
  2. Put on alerts: Even though you locked down your accounts it is also important to monitor your accounts. I have alerts on my bank and credit card accounts so if there is any transaction I get an e-mail or text.  This will allow me to know instantly if there is suspicious activity.
  3. Credit Freeze/Lock: This is now free in many states.  This “freezes” your credit so that a lender is unable to pull your credit that you don’t already have a relationship with (for example your current bank that you have a mortgage with would be able to access your credit).  Basically you “lock” your credit with a PIN (personal identification number) for each of the three credit bureaus.  You therefore have to “unlock” your credit when needed (for example to get a car loan).  This is a very simple process and takes 5-10 minutes to unlock.  I locked my credit a year ago and recently unlocked it for a car purchase.  The credit lock is the only certain way to ensure no new credit accounts are opened in your name.


Data breaches are becoming the norm not the exception.  Unfortunately, First American’s is considerably worse than others and puts your financial security at risk.  Your actions, or lack thereof, can determine whether you are a victim and how serious the damage is.   The steps above will help protect your accounts and mitigate the probability of becoming a victim so that when your data is breached it is not a catastrophe.

Have you taken the steps above?  Do you have additional tips?  Please post in the comments below.


Sources/Additional Reading:


I need your help!

Don’t worry, I’m not asking you to wire money to your long-lost cousin that is going to give you a million dollars if you just send them your bank account!  I do need your help though, please like and share our articles on linkedin, twitter, facebook, and other social media.  I would greatly appreciate it.


Written by Glen Weinberg, COO/ VP Fairview Commercial Lending.  Glen has been published as an expert in hard money lending, real estate valuation, financing, and various other real estate topics in the Colorado Real Estate Journal, the CO Biz Magazine, The Denver Post, The Scotsman mortgage broker guide, Mortgage Professional America and various other national publications.


Fairview is a hard money lender specializing in private money loans / non-bank real estate loans in Georgia, Colorado, Illinois, and Florida. They are recognized in the industry as the leader in hard money lending with no upfront fees or any other games. Learn more about Hard Money Lending through our free Hard Money Guide.  To get started on a loan all they need is their simple one page application (no upfront fees or other games).