First American, a major insurance company in the US, has confirmed that a ransomware attack led to the loss of sensitive data for thousands of people.
The cyber-attack, which occurred in late December 2023, forced First American to shut down some systems, including its website.
The company later reported to the US Securities and Exchange Commission (SEC) that ransomware had compromised its systems and likely resulted in the theft of sensitive information.
On May 28, the company filed an updated report indicating the conclusion of its investigation. It determined that the personal information of approximately 44,000 individuals was accessed without authorization.
“This breach will have a systemic impact on the housing market, given that First American’s infrastructure will be used to island-hop,” commented Tom Kellermann, SVP of Cyber Strategy at Contrast Security.
“Whereas wire transfer fraud and identity theft will occur as a result of the breach, I am most concerned with significant home equity fraud. Cybersecurity has always been an afterthought for the housing industry – thus, greater regulation is necessitated.”
First American said it would notify the affected individuals and provide them with free credit monitoring and identity protection services. The attackers’ identities and the specific data stolen remain unknown.
Read more on data breaches: French Employment Agency Data Breach Could Affect 43 Million People
“The increasing frequency and severity of data breaches highlight the need for more advanced security measures,” warned Erfan Shadabi, cybersecurity expert at comforte AG.
He emphasized that data-centric security solutions, like tokenization, provide a promising way to enhance both compliance and security. This approach helps mitigate the risk of data breaches and ensures that even if data is intercepted, it remains unusable to unauthorized parties.
“As the threat landscape continues to evolve, adopting comprehensive security strategies that go beyond mere regulatory compliance will be crucial for safeguarding sensitive information and securing competitive advantages in the insurance industry,” Shadabi concluded.
The updated SEC filing comes weeks after Prudential Financial notified 36,000 individuals of a data breach.
Image credit: JHVEPhoto / Shutterstock.com