Cyber Incident Victim: First American Financial Corporation
Date:
Dec 2023
Location:
United States of America
Summary
First American Financial Corporation experienced unauthorized activity on certain information technology systems, prompting containment measures including system isolation from the internet and temporary service disruptions. The incident impacted primary website accessibility, email operations, and property research tools DataTree and DataTrace, though core banking functions at First American Trust remained secure with limited wire acceptance. Restoration efforts progressively reinstated the home warranty portal, title data platforms, and partial website functionality while maintaining collaboration with law enforcement, cybersecurity experts, and regulators. The company acknowledged ongoing operational limitations but could not determine the full duration or extent of the disruption during recovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
First American Financial Corporation detected unauthorized activity on certain information technology systems on December 20, 2023. The company immediately initiated containment protocols by isolating affected systems from the Internet to prevent further unauthorized access. This action caused widespread operational disruptions, including the inaccessibility of FirstAm.com and the temporary shutdown of First American's email system. Customers attempting to access the primary website encountered errors or incomplete functionality, while external communications were disrupted as email services remained offline. The company issued public advisories warning recipients to exercise caution with any emails purporting to originate from First American entities due to heightened cybersecurity risks during the outage. First American Trust banking operations maintained limited functionality, continuing to accept incoming wires while assuring customers that funds held at First American Trust and third-party partner banks remained secure throughout the incident.
Restoration efforts proceeded incrementally over the following week, with critical systems returning online in stages. FirstAm.com resumed operations with partial functionality by December 28 at 5:01 AM PT, though some service limitations persisted. Property records research tools DataTree and DataTrace were restored later that same day at 7:51 PM PT, reinstating access to title data resources. First American Home Warranty's site became fully operational for service and sales needs earlier on December 28 at 2:22 PM PT. The company engaged external cybersecurity experts and coordinated with law enforcement agencies while filing disclosures with the Securities and Exchange Commission regarding the incident's business impact. No estimated timeline for full operational restoration was provided during the initial response phase, with the company emphasizing ongoing efforts to return to normal business operations while maintaining system integrity safeguards.