Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

US insurance giant First American confirms it was hit by a ransomware attack

Cyberattack.

First American, one of the largest insurance companies in the United States, has confirmed the cyber-incident it suffered in late December 2023 was indeed a ransomware attack.

As spotted by Cybersecurity Dive, the company filed an updated 8-K form with the Securities and Exchange Commission (SEC) on Friday, December 29, 2023. 

In the filing, the insurance behemoth confirmed suffering a ransomware attack and claimed to be working on addressing it.

American financial behemoth

“Though the incident is still under investigation, the Company believes the perpetrator of the activity accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems,” First American said in the filing. “The Company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.”

The initial reports emerged around December 20. Back then, First American reported “unauthorized activity” on some of its IT systems. 

“Upon detection of the unauthorized activity, the Company took steps in an effort to contain, assess and remediate the incident. On December 20, 2023, the Company elected to isolate systems from the Internet,” the filing further explained. “The Company has retained leading experts, worked with law enforcement, and notified certain regulatory authorities.”

Since then, First American believes it has successfully contained the attack and is now in the process of restoring access to its systems and resuming normal business operations.

First American Financial Corporation is a US financial services company that provides title insurance and settlement services to the real estate and mortgage industries. It was founded in 1889, and last year generated $7.6 billion in revenue. Headquartered in California, it has more than 21,000 employees. 

This is not the only time First American has suffered a cyberattack. Roughly a month ago, it paid a $1 million penalty to settle violations of New York’s Department of Financial Services’ (DFS) Cybersecurity Regulation, for a data breach that occurred in May 2019.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.