US insurers face SEC probe over web-access bungle that exposed 'up to 885 million' files

US insurers face SEC probe over web-access bungle that exposed 'up to 885 million' files

But it claims just 32 people had 'non-public' info disclosed. Eh?


The American Securities and Exchange Commission is said to be investigating a US insurance company that allegedly left 885 million personal records accessible "without authentication to anyone with a web browser".


As revealed by infosec journalist Brian Krebs in May this year, First American Financial Corporation was said to have leaked sequentially numbered documents including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and images of driving licences. The firm disabled serving of the files after being told of the leak.


Regarding the SEC's investigation, Krebs cited a letter sent to Ben Shoval, the property developer who originally noticed the leak earlier this year, from the commission's enforcement division. The letter asked Shoval to "immediately preserve, ..