First American, one of the largest insurance companies in the United States, has confirmed the loss of confidential data of thousands of people in a ransomware attack.
News of a cyberattack on First American emerged in late December 2023, forcing it to shut down some of its systems, including its website. Shortly after, he filed a form with the US Securities and Exchange Commission (SEC) confirming that this was attacked with ransomware and saying that he suspected that the attackers stole sensitive information:
“Although the incident is still under investigation, the Company believes that the perpetrator of the activity accessed certain Company systems, exfiltrated data, and encrypted data on certain non-production systems,” First American said in the document. “The Company continues to evaluate whether the incident will have a material impact on the Company's financial condition or results of operations, which cannot be determined at this time.”
Investigation concluded
Now, an updated form filed on May 28 notes that the company has concluded its investigation into the incident.
“Based on our investigation and findings, the Company has determined that personal information belonging to approximately 44,000 individuals may have been accessed without authorization as a result of the incident,” the update reads.
“The Company will provide appropriate notifications to potentially affected individuals and offer credit monitoring and identity protection services at no cost to them.”
Unfortunately, it is still unknown who the threat actors are or what type of data they stole. Typically, ransomware operators come forward to claim responsibility for the attack and threaten to publish the stolen data on the dark web, as a way to pressure the victim into paying their ransom demand. The threat also usually comes with a sample of the stolen data, which could give investigators more information about what was lost.