A staggering 885 million records containing sensitive financial information were left exposed on the website of real estate and title insurance giant First American, Krebs On Security reported last Friday. The data went all the way back to 2003 and included information that is highly valuable to cybercrimals, such Social Security numbers, images of driver’s license, bank account data and mortgage and tax information.
After Krebs On Security informed First American that its poorly secured website made it relatively easy to access the massive data trove, the company shut down the site. First American said the leak resulted from “a design defect in an application that made possible unauthorized access to customer data,” adding that the company “took immediate action to address the situation and shut down external access to the application.” The firm is currently investigating the incident.
So far no evidence has been found that any threat actors have obtained the sensitive data, but the leak has put millions of Americans at risk of identity theft and fraud.