885 Million First American Financial Records Exposed Online




After a solid decade of ongoing corporate data breaches and exposures, one might think that large companies would at least have corrected the most basic and damaging types of data mismanagement. But there is obviously a long way to go. Independent security journalist Brian Krebs revealed on Friday that the real estate giant and title insurance company First American had 885 million confidential financial records, dating back to 2003, posted on its website and accessible to anyone. And while there is currently no evidence that anyone actually found and stole the information, it was so easy to grab, and so obviously valuable to fraudsters, that the possibility is hard to dismiss.

The hack

Krebs reports that the exposed records included social security numbers, driver's license images, bank account numbers and statements, mortgage and tax documents, and wire transaction receipts: an absolute treasure for any fraudster or identity thief. Anyone who worked out the format of the company's document URLs could have entered the "registration number" of their choice, starting with "000000075" according to Krebs, and retrieved the documents associated with that customer's case. First American took down the site that served the records at 14:00 ET on Friday. Krebs had informed the company of the situation earlier this week.

"First American has learned that a software has a design flaw making it possible for unauthorized access to customer data," the company said in a statement. "The company has immediately taken steps to remedy the situation and has shut down external access to the application, and we are assessing its potential impact on the security of customer information. No other comments until our internal review is over."

First American did not answer WIRED's questions about how long the records had been exposed online. The company announced that it had hired a forensics firm to determine whether customer data had already been stolen. Santa Ana, California-based First American is a Fortune 500 company with more than 18,000 employees.
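The question the forensic review has to answer, whether anyone walked the sequential document numbers, can be approached from web access logs. The following is an added example, not code from the article or from First American; the `/view` path, the `doc` parameter and the log lines are constructed stand-ins, and the threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed access-log lines. The /view path and "doc" parameter are
# hypothetical stand-ins, not First American's real URL format.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /view?doc=000000075 HTTP/1.1" 200 48211
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /view?doc=000000076 HTTP/1.1" 200 51200
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /view?doc=000000077 HTTP/1.1" 200 40960
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /view?doc=000000078 HTTP/1.1" 200 39011
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /view?doc=000000079 HTTP/1.1" 200 47002
198.51.100.20 - - [01/Jan/2024:10:03:10 +0000] "GET /view?doc=004410932 HTTP/1.1" 200 60111
198.51.100.20 - - [01/Jan/2024:11:15:42 +0000] "GET /view?doc=012345678 HTTP/1.1" 200 58000
192.0.2.55 - - [01/Jan/2024:12:00:00 +0000] "GET /view?doc=000000090 HTTP/1.1" 200 41000
192.0.2.55 - - [01/Jan/2024:12:00:01 +0000] "GET /view?doc=000000091 HTTP/1.1" 200 42000
192.0.2.55 - - [01/Jan/2024:12:00:02 +0000] "GET /view?doc=000000092 HTTP/1.1" 403 512
"""

# Captures: client address, document number, HTTP status.
LINE_RE = re.compile(r'^(\S+) .*?"GET \S*[?&]doc=(\d+)\S* HTTP/[\d.]+" (\d{3}) ')


def longest_run(numbers):
    """Length of the longest run of consecutive integers in a set."""
    best = 0
    for n in numbers:
        if n - 1 not in numbers:  # n is the start of a run
            length = 1
            while n + length in numbers:
                length += 1
            best = max(best, length)
    return best


def find_enumerators(log_text, min_run=4):
    """Map each client to its longest run of consecutively numbered
    documents fetched with status 200, keeping runs >= min_run."""
    fetched = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == "200":  # only successful retrievals count
            fetched[m.group(1)].add(int(m.group(2)))
    runs = {ip: longest_run(ids) for ip, ids in fetched.items()}
    return {ip: r for ip, r in runs.items() if r >= min_run}


if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Grouping by source address misses enumeration spread across many addresses, so the same run check applied to all clients together within a time window is a useful second pass.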

Who is affected

A lot of people. First American is the leading title insurance group in the United States, which means that it often deals with both buyers and lenders in real estate transactions across the country. And the detailed financial and personal information related to closings potentially involves information about both buyers and sellers.

While there is hope that the data was never stolen, millions of people would be affected if it was. If you have bought or sold a house in recent years, there is a good chance that First American helped with it.

Is that bad?

The First American exposure is a major incident because it highlights how little progress many institutions have made in locking down customer data. Perfect security is impossible, but the stakes are incredibly high and many large companies still overlook fundamental mistakes.

The good news is that exposed data does not necessarily mean stolen data. It is possible that no one came across this trove before the company secured it. But unlike other data leaks of the same magnitude, which largely involve combinations of passwords and usernames, the First American data would have devastating long-term consequences for potential victims.

If you are a First American customer, or if you believe you were part of a transaction that involved the company, there is not much you can do to protect yourself from the risk that your data was stolen as a result of this exposure. But watch your bank and credit card statements for suspicious activity. Think about buying credit monitoring services or, better yet, take advantage of a free credit monitoring offer from another security incident that your data was associated with. At this point, you almost certainly qualify for one. You can also consider a credit freeze.

Security specialists keep hoping that major security incidents, such as the notorious Equifax breach, will serve as a wake-up call for all businesses. But the consequences of such missteps are just beginning. On Wednesday, for example, Moody's downgraded its rating outlook for Equifax. A spokesman said: "This is the first time that cyber is a named factor in a change of perspective." Until other dramatic economic motivations emerge, disasters such as First American's, or worse, will continue.

