First American Suffers Second Cyberattack Post $1M NY DFS Penalty

Claim Your FREE Cybersecurity Risk Assessment for peace of mind before leaving the office.

Repeat Nightmare: First American Suffers Second Cyberattack Post $1M NY DFS Penalty

First American Financial Corporation, a major player in the U.S. title insurance market, is grappling with a new cybersecurity crisis just weeks after settling a significant $1 million dollar penalty for past cybersecurity lapses. 

Immediate Response to the Second Breach 

In a swift move to mitigate damage, First American has shut down key systems. “We’ve experienced a cybersecurity incident,” the company acknowledged in a public statement. This comes shortly after their website went offline, an action preceding the announcement of the attack. 

Measures Amidst Crisis 

The company’s immediate response included taking certain systems offline. “Our priority is to resume normal business operations safely and securely,” First American emphasized. This decisive action underlines the gravity of the situation and the company’s commitment to safeguarding its systems and client data.

A Million-Dollar Penalty Looking To Be Increased 

This cyberattack follows closely on the heels of a $1 million penalty paid to New York’s Department of Financial Services (NYDFS) on November 28. This settlement was in response to violations of NYDFS’ Cybersecurity Regulation, linked to a May 2019 data breach. The breach exposed a critical vulnerability in First American’s EaglePro application, potentially compromising the personal and financial data of countless individuals. 

As part of the settlement, First American was also mandated to implement substantial measures to enhance data security, which now due to a further cybersecurity attack seems to have failed on executing.  

The Escalating Cybersecurity Law Requirements 

The recent amendments to the DFS Cybersecurity Regulation, driven by incidents like the First American breach, underscore a growing recognition of cybersecurity’s critical role in protecting sensitive information in the digital era. These changes signal a shift towards more stringent enforcement and higher standards for data protection across the board. 

Impact on Independent Insurance Agencies 

For independent insurance agency owners, these evolving regulations mean that cybersecurity can no longer be an afterthought or a secondary priority. The reality is that breaches of non-public data can have far-reaching consequences, not just for large corporations like First American but for agencies of all sizes. Failing to comply with these stricter laws not only risks data breaches but also exposes agencies to severe penalties and reputational damage, increased upon by the stricter requirements of the latest DFS Amendments and Penalty Definitions.  

Stop waiting until your Agency is hit with a cyberattack. Take the proactive first step towards verifying your compliance with NYDFS with a FREE Complete Technology Assessment and Compliance Review: Click here to Schedule.