First American cybersecurity attack disrupts closings over holidays

The nation’s second largest title insurer, First American, as well as some of its subsidiaries, remain offline as of Wednesday morning in the wake of the title firm’s Dec. 20 cybersecurity incident. The systems outage has derailed closings across the country over the holidays for homebuyers and sellers using the company’s title services in more than 2,000 locations.

First American announced the incident mid-day on Thursday. On Friday, it notified clients that it had taken its email system offline and that recipients should be wary of any emails that come through from FirstAm.com. In addition, the title firm filed a document with the Securities and Exchange Commission last Friday, stating that it was “working diligently” to restore systems it had taken offline, but could not estimate “the duration or extent of the disruption at this time.”

The firm has been providing updates through a new website it created. No new updates or filings have been shared since last Friday.

Homebuyers, sellers and appraisers have been responding to the company’s LinkedIn announcement on the cybersecurity incident, asking for clarification. One buyer commented: “We wired in full payment for a home that was supposed to close last week. Now our funds are not accessible and we are on track to miss our close date.” In another comment, a home seller said they had been waiting on disbursement for 6 days.

The First American Financial umbrella includes First American Title Insurance and First American Title Guaranty, as well as nearly two dozen subsidiaries. As of Wednesday morning, the websites for DataTrace and ACI, a valuation technology subsidiary, remained offline. However, ServiceMac, First American’s mortgage servicer subsidiary, had come back online after being offline through Tuesday afternoon.

This latest cybersecurity attack at First American is unrelated to the May 2019 cybersecurity incident, in which it was recently asked to pay the New York Department of Financial Services (DFS) $1 million as part of a cybersecurity violation settlement.

First American is not the only title firm to face a cybersecurity attack in recent months.  In late November, Fidelity National Financial became the victim of a ransomware attack that took its systems offline for a few days. Ransomware gang AlphV/BlackCat later claimed responsibility for the attack. On Tuesday, mortgage subservicer and FNF subsidiary Loancare informed authorities that the data of about 1.3 million customers was compromised following the November cybersecurity attack.