First American reboots after hack took down its systems

First American Financial announced Thursday it rebooted some of its systems, which were taken down in late December due to a cyberattack.

The title insurance and settlement services provider said its title data and property records research tools have been restored, as well as its warranty site. Its website (firstam.com), however, still has limits to functionality, the company said.

Details surrounding the data breach that took place Dec. 21 remain sparse, including the depth of the breach.

"First American Financial Corporation has experienced a cybersecurity incident," a statement issued on Dec. 21 by the title insurance company read. "In response, the company has temporarily taken certain systems offline and is working to return to normal business operations as soon as possible."

First American has had its systems breached before. A 2019 incident may have allowed unauthorized access to more than 885 million records containing sensitive personal information going back to 2003.

As a result, First American entered into two legal settlements, the first in 2021 to the Securities and Exchange Commission in which it paid a $487,616 penalty for disclosure violations. And in late November the title company settled a complaint with the New York State Department of Financial Services for $1 million to cover the 2019 incident.

A wave of cyber attacks have hit the financial services industry in recent months. Apart from First American, Mr. Cooper and Fidelity National were also hacked.

In a filing with the Maine attorney general's office last week, Fidelity National, First American's largest rival, revealed personal identifiable information including Social Security numbers of 1,316,938 customers were exposed in the event, which occurred on Nov. 19.

Meanwhile, almost 15 million former and current Mr. Cooper customers were impacted by a cyberattack reported two months ago.

Thus far, 13 class action lawsuits have been filed against Mr.Cooper accusing it of failing to keep its customers' personal identifiable information safe. As of Dec. 14, a motion was filed in the U.S. District Court for the Northern District of Texas to consolidate all of the suits into a single case under plaintiff Jennifer Cabezas, who was the first of the 13 to bring a motion against the servicer.