First American Financial on Wednesday said it is still able to close loans safely and securely despite a cyber incident that disrupted operations last week and is accepting incoming wire transfers through its bank, First American Trust, according to an update on its temporary website. 

All funds at First American Trust and its third-party partner banks remain secure, according to the update. 

First American Financial’s website, FirstAm.com, is back up and running, according to a spokesperson.  It is not immediately clear how much functionality is available through the main website.

Fitch Ratings on Tuesday said it would be monitoring the cybersecurity incident, but added it was unlikely to impact the company’s ratings in the near term due to “significant headroom” in the company’s ratings. 

Fitch said ratings could be impacted if longer term business operations remained constrained, if the investigation showed weak corporate governance or risk management or if the company disclosed material adverse information.

First American Financial on Friday said it was working diligently to recover from an unauthorized cyber incident that led it to isolate its systems from the internet, according to a filing with the Securities and Exchange Commission. 

The firm, the nation’s second-largest title insurance provider, has taken steps to restore normal operations, but was not able to estimate the time or extent of the disruption, according to the filing. First American was assessing whether the disruption will have a material impact on its operations or financial condition, but said it is too soon to make a determination. 

The company decided to disconnect its systems Dec. 20 after detecting the unauthorized activity, and took steps to isolate, contain and remediate the attack. The company has brought in incident response experts, contacted law enforcement and notified certain regulatory authorities, it said in the filing.

The company Friday warned customers that its email systems were offline, and to be careful about clicking any email claiming to be from First American, First American Title or FirstAm.com.

First American Financial’s site is down, but the company is posting status updates on the disruption on a temporary site.

The disruption comes less than a month after New York state financial regulators reached a $1 million settlement with the company related to a 2019 data breach that exposed 885 million customer records at its First American Title Insurance unit.

The cyber incident follows a November attack against Fidelity National Financial, which forced that company to pause operations for several days. Fidelity earlier this month confirmed the cyberattack briefly impacted real estate closings, but said it was still evaluating potential financial impacts on the company. 

The notorious AlphV/BlackCat group claimed responsibility for the alleged ransomware attack. Fidelity did not confirm the receipt of any ransom demand.

This First American attack marks the third major cyber disruption involving the real estate industry in recent months. 

Mr. Cooper Group, a mortgage loan servicer, was also impacted by an attack in late October that ultimately exposed the personal data on every current and former customer. 

First American also reached a settlement with the Securities and Exchange Commission in 2021 for its failure to maintain disclosure controls over the same issues raised in the New York case. 

First American did not admit-nor-deny the allegations, but agreed to a $488,000 fine and a cease-and-desist order in the SEC case. 

The SEC said senior executives were not made aware of vulnerabilities within First American’s applications.