Dive Brief:
- First American Financial said the threat actors behind a previously disclosed Dec. 20 cyberattack accessed and stole company data from non-production systems, and that data was later encrypted, according to an amended 8-K filing on Friday with the Securities and Exchange Commission.
- First American said the incident is contained and the company is in the process of restoring access to its systems and resuming normal business operations, according to the filing. The First American Trust banking unit is back online and operational following a December cyberattack, the company said in an online update Tuesday. First American Financial said Wednesday that it has restored its systems, including employee email.
- The nation’s second-largest title insurance firm is still investigating the attack and has not yet determined whether the incident will have a material impact on its financial condition or results of operations.
Dive Insight:
The new disclosures will likely raise questions about the company’s risk mitigation issues and renew security concerns about the larger title insurance industry.
Fitch Ratings on Dec. 26 said it was monitoring the First American cyberattack, but noted it was unlikely to impact near-term ratings unless longer-term business was constrained or if the investigation revealed wider governance or risk management issues.
Gerry Glombicki, senior director at Fitch Ratings, said the impact of the attack will likely be limited somewhat because the service disruptions took place over the Christmas holiday, but noted that some year-end commercial closings could be at risk.
First American restored access to several key systems on Thursday and Friday, including the company’s ACI appraisal system, the AgentNet platform for title agents and the Prism marketing and automation toolkit.
First American reached a $1 million settlement with the New York Department of Financial Services last month over a massive 2019 data breach that led to hundreds of millions of customer records being exposed.
A spokesperson for NY DFS on Thursday said the agency was “closely monitoring” the situation and sent out an industry letter warning about the risk of fraudulent emails being sent to customers. The company previously warned customers about potential phishing attempts.
The First American attack came just weeks after Fidelity National Financial, the nation’s largest title insurance firm, was hit by a suspected ransomware attack in November.
The prolific AlphV/BlackCat organization, linked to the high-profile attacks against MGM Resorts, Caesars Entertainment and others, claimed credit for the Fidelity attack, which resulted in credentials being stolen.
Fidelity National Financial confirmed it had insurance coverage, but has not yet determined whether that attack will be considered material.
Editor’s note: This article has been updated to reflect that the First American Trust banking unit is back online and that the company restored systems, including employee email.