Repeat Nightmare: First American Suffers Second Cyberattack Post $1M NY DFS Penalty
First American Financial Corporation, a major player in the U.S. title insurance market, is grappling with a new cybersecurity crisis just weeks after settling a significant $1 million dollar penalty for past cybersecurity lapses.
Immediate Response to the Second Breach
In a swift move to mitigate damage, First American has shut down key systems. “We’ve experienced a cybersecurity incident,” the company acknowledged in a public statement. This comes shortly after their website went offline, an action preceding the announcement of the attack.
Measures Amidst Crisis
The company’s immediate response included taking certain systems offline. “Our priority is to resume normal business operations safely and securely,” First American emphasized. This decisive action underlines the gravity of the situation and the company’s commitment to safeguarding its systems and client data.
A Million-Dollar Penalty Looking To Be Increased
This cyberattack follows closely on the heels of a $1 million penalty paid to New York’s Department of Financial Services (NYDFS) on November 28. This settlement was in response to violations of NYDFS’ Cybersecurity Regulation, linked to a May 2019 data breach. The breach exposed a critical vulnerability in First American’s EaglePro application, potentially compromising the personal and financial data of countless individuals.
As part of the settlement, First American was also mandated to implement substantial measures to enhance data security, which now due to a further cybersecurity attack seems to have failed on executing.
The Escalating Cybersecurity Law Requirements
The recent amendments to the DFS Cybersecurity Regulation, driven by incidents like the First American breach, underscore a growing recognition of cybersecurity’s critical role in protecting sensitive information in the digital era. These changes signal a shift towards more stringent enforcement and higher standards for data protection across the board.
Impact on Independent Insurance Agencies
For independent insurance agency owners, these evolving regulations mean that cybersecurity can no longer be an afterthought or a secondary priority. The reality is that breaches of non-public data can have far-reaching consequences, not just for large corporations like First American but for agencies of all sizes. Failing to comply with these stricter laws not only risks data breaches but also exposes agencies to severe penalties and reputational damage, increased upon by the stricter requirements of the latest DFS Amendments and Penalty Definitions.
Stop waiting until your Agency is hit with a cyberattack. Take the proactive first step towards verifying your compliance with NYDFS with a FREE Complete Technology Assessment and Compliance Review: Click here to Schedule.
Walter Contreras
Walter Contreras has over 25 years of experience in information technology, including cybersecurity, with a focus on the Insurance Industry. As both a computer scientist and a graduate of the Columbia University Business School’s Executive MBA program, Walter understands how the world’s digital transformation is impacting small and medium businesses. His mission is to deploy information technology to protect and empower entrepreneurs.
