First American fined $1M by NYDFS over 2019 cybersecurity breach

Privacy data access

A title insurance company agreed to pay a $1 million fine and implement stronger compliance measures for allegedly not securing customers’ personal data, particularly during a 2019 cybersecurity breach.

First American Title Insurance Company, the second largest title insurer in the nation, did not address a known vulnerability on its proprietary storage platform, EaglePro, before the issue was exposed by a cybersecurity journalist months later, according to the New York State Department of Financial Services (NYDFS). The regulator announced the action Tuesday.

Under the NYDFS’s 2017 Cybersecurity Regulation, First American was required to have controls in place to secure its customer data.

THIS IS MEMBERS-ONLY CONTENT

SINGLE MEMBERSHIP                                             CORPORATE MEMBERSHIP

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.