Title insurance provider First American Financial Corporation announced recently that it had fixed a security vulnerability on its website. Due to the issue, records of 885 million mortgage deals were left exposed.
A huge security issue now handled
The security vulnerability on the company’s website exposed data from millions of mortgage accounts. Some of these deals were struck 16 years ago or sooner. Due to the vulnerability, anybody could have gained access to user data, getting their Social Security numbers, driver’s license, bank account details, tax records, and mortgage records.
The security failure was noticed by cybersecurity writer Brian Krebs. He also identified problems with Facebook’s handling of hundreds of millions of user passwords.
First American is a Santa Ana, California-based company. After being notified of the issue, the company patched it and released a statement on Friday. It noted that it is evaluating the effect of the issue on their customer information. The company will not make further comments before its internal review is complete.
Company data threats are real
First American is not the first company that is facing the issue of security gaps in storing sensitive personal and financial information of clients. In 2017, consumer credit reporting agency Equifax faced a similar issue. At the time, the information of over 145 million consumers was stolen, which included their social security numbers. In 2015, the Office of Personnel Management suffered a similar breach. The attackers were able to steal extremely sensitive data like the medical histories and fingerprints of US government employees.
Instead of paying the price of these breaches, organizations have profited off from security mishaps. A study conducted last year by Wakefield Research found that credit agencies made huge profits after the Equifax breach. They charged extra from customers who choose to freeze their credit. These companies were charging a $10 freezing fee, which added about $1.4 billion in their revenue. Equifax was also one of the beneficiaries in this case.
Recently, the liability of these security issues has started to change rapidly. This Wednesday, rating agency Moody’s downgraded Equifax because of a cybersecurity incident. This is the first time in Moody’s history that it is downgrading a company because of security problems. Other companies should also get the message that they could be heavily penalized if they didn’t take the safety of their customers’ data seriously.
Equifax said earlier this month that it had spent $1.35 billion while responding to the breaching. It included a sum of $690 million in anticipation of legal settlements.