First American, a major insurance corporation in the United States, has verified the compromise of crucial data belonging to numerous individuals in a ransomware attack.
The news of a cyber intrusion at First American surfaced towards the end of December 2023, prompting the shutdown of various systems, including its official website. Shortly after, a submission was made to the US Securities and Exchange Commission (SEC) confirming the ransomware attack and expressing suspicions that the perpetrators accessed and possibly extracted sensitive information:
“While the details of the incident are still being probed, the organization believes that the culprit managed to breach specific systems, retrieve data, and encrypt information on select non-operational systems,” stated First American in the submission. “The entity is presently evaluating the potential impact of the incident on its financial standing and operational results, which remains indeterminable at this juncture.”
Investigation completed
An updated report filed on May 28 reveals that the firm has wrapped up its inquiry into the breach.
“Following our examination and discoveries, it has been established that personal data relating to roughly 44,000 individuals may have been illicitly accessed due to the incident,” the update states.
“The entity is set to inform the potentially affected individuals accordingly and extend credit monitoring and identity safeguard services to those individuals at no cost to them.”
Regrettably, there is still uncertainty surrounding the identity of the threat actors and the nature of the data compromised. Generally, ransomware operators will step forward to claim responsibility for the breach and threaten to disclose the acquired data on the dark web, as leverage to coerce the victim into meeting their ransom demands. The threat is typically accompanied by a sample of the stolen data, which could offer researchers more insight into the extent of the breach.