First American Title
A major title insurance company exposed the most sensitive documents from home purchases—SSNs, bank accounts, and wire transfer details.
What happened?
First American Title, one of the largest title insurance companies in the United States, disclosed another data breach affecting real estate transaction documents. Title companies are the custodians of closing documents—and those documents contain the most comprehensive financial information people ever assemble in one place.
What data was actually inside?
Real estate closings require complete financial disclosure: Social Security numbers, bank account numbers, mortgage applications, tax returns, wire transfer instructions, and property details. Every document needed to prove you can afford a home—now potentially exposed.
Wire transfer details are particularly dangerous—attackers use this information for business email compromise, redirecting home purchase funds to criminal accounts.
Who gets hurt and how?
Homebuyers and sellers who trusted their most sensitive financial documents to the closing process. People buying their first home, refinancing, or selling properties—all had complete financial profiles assembled and now exposed. The data enables comprehensive identity theft and mortgage fraud.
Wire fraud is an immediate threat. Attackers can impersonate title companies and redirect closing funds—costing buyers their entire down payment.
What did they think they were doing right?
First American is one of the Fortune 500, processing millions of real estate transactions annually. They have security programs, insurance, and regulatory oversight. Real estate professionals rely on them for secure document handling. They've dealt with data security issues before.
The fact that this isn't First American's first breach raises questions about whether they've learned from previous incidents.
What did they not know about their own data?
First American didn't know how accessible their closing documents were. Real estate transactions generate massive document packages—each one containing a complete financial identity. Historical transactions accumulate, creating archives of sensitive data from years of closings.
They knew they had closing documents. They didn't know how exposed those documents were across their systems.
What does attribution look like the morning after?
Notifications to affected homebuyers and sellers. Real estate agents and mortgage brokers answering questions. State insurance commissioner inquiries. Potential FTC scrutiny given prior incidents. The breach affects not just First American but the entire real estate transaction chain.
For repeat offenders, regulatory patience runs thin. Each incident adds to a pattern that demands stronger enforcement.
What would have changed the outcome?
Knowing where closing documents and wire instructions live—everywhere.
If First American had comprehensive visibility into their document repositories—every closing file, every wire instruction, every SSN—they could have protected this data appropriately and detected unauthorized access. Closing documents are the most sensitive financial records people produce. They deserve protection that matches their sensitivity.
Don't Learn What You Have From an Attacker
First American didn't know what closing documents were exposed until it was too late. Risk Finder shows you first.
Start Your Risk Assessment