First American Financial Corporation: 900 Million Records Still a Risk Today

On May 24, 2019, First American Financial Corporation, a Fortune 500 title insurance company, was reported to have exposed over 900 million records dating back to 2003. The breach, discovered by independent journalist Brian Krebs, revealed that confidential data, including bank account numbers, wire transfer records, mortgage documents, and Social Security numbers, had been publicly accessible through the company’s website. As one of the largest providers of real estate title insurance in the United States, First American’s digital mishandling raised serious concerns about the security of personal financial information in the real estate sector.

Although the breach occurred years ago, the long-term impact is still unfolding today. The records, which included Social Security numbers, bank account details, wire transfer instructions, and mortgage information, were accessible without any login credentials. Once publicly available online, such data can remain in circulation indefinitely, resurfacing in dark web marketplaces or being used for fraud years after the initial leak.

How Did the Breach Happen?

A Flaw in Document Security

The incident was first reported by KrebsOnSecurity, which discovered that First American’s document portal allows unauthenticated access to highly sensitive records. The system used sequential URLs to display documents, allowing anyone to manipulate a single URL and access a vast archive of private information.

Lack of Access Controls

Critically, there was no password protection, user verification, or time-based access restrictions. As long as someone had the URL structure, they could access files meant only for the client and the company.

Exposure of Personally Identifiable Information (PII)

The documents included names, addresses, financial statements, Social Security numbers, and details from real estate transactions. For cybercriminals, this information is a blueprint for identity theft, phishing attacks, and social engineering scams.

Why It Still Matters Today

Persistent Data on the Dark Web

Even after the vulnerability was fixed and the exposed documents removed, there is no way to fully retract data that may have been scraped or downloaded. In 2025, law enforcement and cybersecurity analysts continue to find legacy data dumps online containing records from this breach.

Rise in Real Estate Fraud

With the rise of Business Email Compromise (BEC) attacks and real estate wire fraud, stolen data from past breaches is still being used to impersonate title agents and reroute payments. Victims continue to report wire transfer scams that trace back to old transaction records.

Evolving Regulatory Scrutiny

The breach also contributed to growing pressure for stricter data privacy laws. The continued fallout highlights the need for organizations to implement zero-trust security models, encrypt stored documents, and monitor for unauthorized access.

How to Protect Yourself From Long-Term Breach Risks

Monitor Credit and Financial Accounts

If you’ve ever purchased property through a major title company, it’s wise to keep a close eye on your financial records. Set up banking alerts, credit monitoring, and Google Alerts for your name to stay aware of unauthorized activity.

Verify Wire Transfer Requests

Always confirm any large transaction instructions, especially wire transfers, by calling a known phone number. Avoid relying on email alone for financial approvals.

Limit Information Sharing

Be cautious when submitting sensitive documents online. Ask how they are stored, who has access, and whether encryption is in place.

Conclusion

Although the First American data breach occurred in 2019, the consequences are still being felt today. Exposed data doesn’t expire. As real estate transactions remain a top target for fraudsters, both consumers and professionals must remain vigilant. Cybersecurity is not a one-time fix; it requires continuous attention and responsible data handling.

Stay informed and empowered with Cyber News Live! Join us for insightful discussions, expert analysis, and valuable resources that promote cyber awareness and safety in education. Don’t miss out—tune in to Cyber News Live today!

By Sam Kirkpatrick, an Information Communication Technology student at the University of Kentucky and intern at Cyber News Live.