American Insurer Charged Over Sustained Data Breach

A subsidiary of insurance company First American Financial Corp. has been charged by a New York regulator regarding a data breach that went on for several years.

The New York State Department of Financial Service (DFS) filed charges on July 22 alleging that First American Title Insurance Co. exposed hundreds of millions of documents containing sensitive information. Data compromised in the breach included Social Security numbers and bank account information.

According to the DFS, the company leaked data because it was using a flawed document management system that allowed anyone to access files. The department claims that no passwords or other security measures were in place to prevent sensitive information stored within the system from being viewed. 

The court case is the first cybersecurity enforcement action brought by the regulator under a set of rules debuted in March 2017 that require banks and other financial services companies to implement and maintain cybersecurity protections. 

The laws require financial services companies licensed to operate in New York to limit access to sensitive data, carry out regular risk assessments, and inform users of any cybersecurity incidents in a timely manner. 

First American is accused of violating six sections of the rules. If found guilty, the company could be ordered to pay fines of up to $1,000 per violation. 

First American Title Insurance Co. is the second largest insurer of real estate in the United States. A spokesman for the company said First American intends ..

Support the originator by clicking the read the rest link below.