Fact Checked

Title insurance company’s website flaw exposed millions of customer documents. Here’s how to help guard your info online.

Young businesswoman working on a computer in an office at nightImage: Young businesswoman working on a computer in an office at night
Editorial Note: Intuit Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our third-party advertisers don’t review, approve or endorse our editorial content. Information about financial products not offered on Credit Karma is collected independently. Our content is accurate to the best of our knowledge when posted.

A title insurance company’s website flaw exposed approximately 885 million documents with customer info, according to a new report — another reminder to do all you can to safeguard your data online.

  • Who could be impacted? The exposed files relate to mortgage deals since 2003 and were accessible through First American Financial’s website, the security news site KrebsOnSecurity reported. First American is a provider of title insurance and settlement services.
  • What was exposed? KrebsOnSecurity further reported that the exposed material included images of documents showing Social Security numbers, bank account numbers, driver’s licenses and tax records. Although these records were arguably unprotected, there’s no evidence — so far — that anyone outside the company actually accessed them.
  • What caused the security failure? According to a report in The Wall Street Journal, there was a defect in the design of one of First American Financial’s websites. With this defect, anyone with knowledge of the URL for a certain portion of the site could have accessed sensitive records without having to type in any password.
  • What has the company done to fix this flaw? A spokesperson for First American Financial said the company’s security team closed external access to the site, and a third party is currently investigating the issue.

How can you reduce your risk online? 

While there’s nothing you can do to prevent the kind of security issue that First American had, you can help yourself by staying alert to whatever might result from such an exposure. The IRS has some solid tips that apply not just to tax-related scams but other types of fraud.

And we always recommend the following steps to strengthen your online security generally:

1. Keep passwords secure. Try not to use the same password across many sites. If you use the same password for multiple accounts and one of them is exposed or compromised, that could mean your other accounts are compromised as well. To help keep track of all your passwords, you might want to use a password manager.

2. Add multifactor authentication. For an added layer of protection, think about putting two-factor authentication in place for any site or account that offers it. This will require you to first log in with your password, then confirm your identity by entering a code often sent to you via email or text.

3. Monitor your credit reports and consider a credit freeze. You can ask the three major consumer credit bureaus — Equifax, Experian and TransUnion — to freeze or lock your credit reports at any time. You can also get free credit monitoring if you’re a Credit Karma member. We’ll notify you if we notice important changes on your Equifax or TransUnion credit reports so that you can check for suspicious activity.


About the author: Paris Ward is a content strategist at Credit Karma, providing readers with the latest news that will aid their financial progress. She has more than a decade of experience as a writer and editor and holds a bachelor’s… Read more.