June 15, 2021
Real estate settlement services company First American Financial Corporation will pay a penalty of $487,616 to resolve allegations that the publicly-traded company released incomplete information about a cybersecurity vulnerability in its document sharing platform that exposed over 800 million document images dating back to 2003, including images containing sensitive personal data such as social security numbers and financial information. The SEC charged that First American had deficient disclosure controls that left senior management unaware of the company’s earlier discovery of the vulnerability and its attempts to remediate it. SEC
Tagged in: Cybersecurity and Data Breaches, Financial and Investment Fraud, Misrepresentations,