First American, one of the largest insurance companies in the United States, has confirmed losing sensitive data on thousands of people in ransomware attack.
News of a cyberattack on First American emerged in late December 2023, forcing it to shut some of its systems down, including its website. Soon after, it filed a form with the US Securities and Exchange Commission (SEC) confirming that this was attacked with ransomware, and saying it suspected the attackers stole sensitive information:
“Though the incident is still under investigation, the Company believes the perpetrator of the activity accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems,” First American said in the filing. “The Company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.”
Concluded investigation
Now, an updated form filed on May 28 notes the company has concluded its investigation into the incident.
“Based upon our investigation and findings, the Company has determined that personal information pertaining to approximately 44,000 individuals may have been accessed without authorization as a result of the incident,” the update reads.
“The Company will provide appropriate notifications to potentially affected individuals and offer those individuals credit monitoring and identity protection services at no cost to them.”
Sadly, it’s still not known who the threat actors are, or what type of data they stole. Usually, ransomware operators will come forward to claim responsibility for the attack and threaten to release the stolen data on the dark web, as a way to pressure the victim into paying its ransom demand. The threat also usually comes with a sample of the stolen data, which might give researchers more insight into what was lost.
