Quotes Icon

Andrew M.

Andrew M.

VP of Operations

"We use TeamPassword for our small non-profit and it's met our needs well."

Get Started

Table Of Contents

    The First American Corporation Data Leak what happened?

    The First American Corporation Data Leak what happened?

    September 7, 20216 min read

    Cybersecurity

    The First American Corporation data leak is a wake-up call for regulators to clamp down hard on organizations that fail to protect their customers. 

    Data breaches are one thing, but leaving customer data unprotected online is highly negligent and questions an organization's competence!

    Any time criminals steal data from organizations like First American Corporation, it's the customers (including businesses) who suffer most!

    ‏‏‎ ‎

    Don't let your business suffer the fallout from a data breach. Use TeamPassword to protect your company's digital assets. Sign up for a free trial today!

    ‏‏‎ ‎

    Table of Contents

      What is First American Corporation?

      Founded in Orange County, California, in 1889, First American Corporation is a financial services company in the real estate industry.

      The Fortune 500 company is valued at over $7.5 billion (in 2021) and employs just under 20,000 people.

      First American Corporation has several subsidiaries, including a subsidiary in India, employing more than 4,000 employees.

      ‏‏‎ ‎

      What Happened at the First American Corporation Data Leak in 2019?

      The First American Corporation Data Leak is a shocking example of corporate negligence. Luckily, it appears First American Corporation's customers managed to avoid having their data end up in the hands of criminals.

      In May 2019, Ben Shoval, a Washington state real estate developer, stumbled upon approximately 885 million files containing customer data dating back to 2003!

      You had to have a specific URL to find the files on firstam.com. But, once you had one URL, all you had to do was increment or decrement the URL to access other records.

      Many of First American Corporation's exposed records were wire transactions between property buyers and sellers with account numbers and other financial information.

      Leaked, Not Stolen!

      It's important to note that although the First American Corporation data was freely available, it doesn't appear that anyone stole any of the company's records.

      Unlike a data breach where criminals hack into a network, human error usually causes a data leak.

      In First American Corporation's case, a website configuration error called Insecure Direct Object Reference (IDOR) allowed customers to view private information without any authentication.

      First, American Corporation's records are sequential, so Mr. Shoval could change the number in the URL to access other customer records.

      It's unclear how long First American Corporation's data was available online, but a search on archive.org revealed the company's records were available to around March 2017!

      What Kind of Data Was Leaked?

      Most of the files appeared to be scans of original documents, including property buyer and seller forms, IDs, SSNs, driver's licenses, account statements, internal corporate information for small businesses, physical addresses, contact numbers, email addresses, and other sensitive information and documentation.

      Essentially a treasure trove for criminals to carry out identity theft, spear-phishing attacks, and other social engineering attacks.

      Early Warnings Ignored!

      Penetration tests flagged First American Corporation's exposed records in 2018, but the problem remained unfixed due to a comedy of errors and administrative blunders.

      ‏‏‎ ‎

      What was the Fallout of the First American Corporation Data Leak?

      You'll be sad to learn that the $7.5+ billion First American Corporation got a mere slap on the wrists for its negligence. 

      The New York State Department of Financial Services found First American Corporation had breached new cybersecurity protections implemented in 2017.

      First American Corporation was the first company to receive enforcement action under the new cybersecurity law, reluctantly agreeing to a fine of $487,616 with The New York State Department of Financial Services.

      ‏‏‎ ‎

      Is Your Company Prepared for a Data Leak?

      Data leaks like the First American Corporation in 2019 or CAM4 in 2020 put customers at severe risk of cyberattacks.

      This sort of personal information gives criminals the means to impersonate companies and individuals or even target them through various social engineering attacks.

      Spear-Phishing Attacks

      One of the most significant risks from a leak like this is that criminals have enough personal information to carry out a successful spear-phishing attack. 

      Using data from First American Corporation, criminals could pose as the organization sending spear-phishing emails replicating the bank's correspondence.

      The email might include personal information that only the bank would know, increasing the likelihood of a victim clicking a link or opening an attachment—most likely containing malicious packages giving criminals access to the victim's device and network!

      Once attackers breach a user's device, they steal data and passwords to access other accounts, devices, and networks.

      Protecting your company's passwords is crucial to preventing a full breach of your systems and accounts!

      ‏‏‎ ‎

      Protecting Passwords with TeamPassword

      TeamPassword is a password manager designed for small businesses to share credentials safely amongst team members.

      You never have to share raw login credentials. Instead, all of your passwords are safely stored and shared with TeamPassword. Employees use one of TeamPassword's browser extensions to log in—exactly as you would with a password saved in a browser.

      With two-factor authentication 2FA, even if attackers steal a team member's password through a phishing attack, they won't have access to your TeamPassword account.

      Creating, Storing, & Saving Passwords

      TeamPassword features a built-in password generator, so you never have to worry about weak passwords or reusing credentials. You can create passwords from 12-32 characters using uppercase, lowercase, numbers, and symbols.

      Once a new password is created, TeamPassword automatically updates the new credentials for all users so team members can continue working without interruption.

      Groups & Sharing

      You can create groups for your various accounts and only provide access to those who need it. 

      If you work with freelancers or contractors, you can add them to a group for the duration of their employment and remove them when the job is done—no need to change credentials when a team member leaves!

      Keep Track of TeamPassword Activity

      TeamPassword's activity log provides you with dates and times of login history. You can also set up email notifications for every TeamPassword action, allowing you to stay on top of your most sensitive data and accounts.

      Accredited Secure Hosting Provider

      TeamPassword uses state-of-the-art encryption technology and holds several internationally recognized security accreditations.\

      Our team regularly conducts vulnerability sweeps to ensure our systems are watertight against breaches and attacks.

      ‏‏‎ ‎

      Get TeamPassword for Free!

      Don't let your business become another data-breach statistic! Sign up for a 14-day free trial and secure your company's digital assets with TeamPassword today!

      Enhance your password security

      The best software to generate and have your passwords managed correctly.

      TeamPassword Screenshot
      facebook social icon
      twitter social icon
      linkedin social icon
      Related Posts
      Facial recognition biometric

      Cybersecurity

      November 24, 20248 min read

      What are the Disadvantages of Biometrics?

      Biometric authentication is changing how we secure our digital lives, but is it foolproof? Explore its benefits, drawbacks, ...

      Why Do Hackers Want Your Email Address?

      Cybersecurity

      November 21, 202413 min read

      What Can Hackers Do with your Email Address?

      Email is used for password resets, 2FA authorization, and other identity verification. Learn how hackers exploit yours and ...

      Employees standing around computer discussing code

      Cybersecurity

      November 15, 202410 min read

      Creating a Company Culture for Security | 5 Actionable Insights

      Security is both a technical and cultural issue. Employees who value and promote security will prevent cyberattacks, protect ...

      Never miss an update!

      Subscribe to our blog for more posts like this.

      Promotional image