Cyber Incident Victim: American Land Title Association
Date:
Jul 2019
Location:
United States of America
Summary
The American Land Title Association (ALTA) issued an industry breach alert after an individual claiming to be an ethical hacker provided stolen records via Twitter, containing approximately 600 entries of domain identification, IP addresses, usernames, and passwords impacting title and non-title entities. Analysis revealed 182 unique email addresses and 154 unique domains, with no confirmed origin of the data, active status of credentials, or evidence of a specific system compromise. The incident followed prior phishing campaigns impersonating the association, and the compromised credentials raised concerns about potential unauthorized access or fraudulent property transactions, echoing historical risks of title fraud involving forged documents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 6, 2019, the American Land Title Association (ALTA) issued an industry breach alert after an individual claiming to be an ethical hacker contacted the organization via Twitter and provided files containing approximately 600 data entries. The compromised information included domain identification details, IP addresses, usernames, and passwords belonging to both title companies and non-title entities. ALTA's IT department initiated analysis of the dataset to determine the sensitivity of exposed information and identify affected organizations, though no specific system breach origin was immediately evident. The association clarified there was no indication whether the credentials remained active or how they had been obtained, while noting the hacker appeared to be contacting additional individuals and companies identifiable from the data. By July 9, ALTA updated its analysis, revealing the dataset contained 182 unique email addresses (with some appearing multiple times with different passwords) and 154 unique domains (some listed repeatedly with varying email addresses), committing to notify primary contacts at companies with compromised domains within 48 hours.
The incident exposed potential risks of unauthorized system access through stolen credentials, though ALTA found no evidence confirming active network or application compromises. The association directed members to monitor systems for suspicious activity and report phishing emails to the FBI's Internet Crime Complaint Center, while requesting additional incident details be sent to [email protected]. This event followed a late-May 2019 phishing campaign where ALTA members received fraudulent emails mimicking association communications, containing malicious PDF attachments under the subject line "Changes & Updates to Member Directory." Historical context included ALTA's December 2018 fraud alert regarding LLC identity theft schemes, where criminals exploited property loan information to create fraudulent land title instruments. The association had previously disseminated educational resources to help employees identify phishing attempts through indicators like misspellings, formatting errors, suspicious attachments, and deceptive hyperlinks.