Millions of Financial Documents Exposed

December 02, 2019

Leasing a car, taking out a loan, or buying a house are all things that many of us have been a part of at least once in our life. Each of these things include a large amount of paperwork and you are required to hand over sensitive personal information to another entity. An example of one of these entities is First American Financial Corp, one of the leading companies for real estate titles. They store an extremely large pool of sensitive information, approximately 885 million documents, in fact.

When using services by First American you were provided a web link so you could view your specific information related to a specific service. The assumption was this link should only be accessible by you through a onetime use or expiration. However it was discovered, according to a security report by KrebsOnSecurity, that the links provided were not so unique after all. If you simply adjusted the URL provided to you by one digit you would be directed to the next document in the database, regardless of whose documents they were. Luckily, First American was able to easily address and fix this security vulnerability, but that doesn’t mean information was not immediately harvested and could still potentially lead to identity theft or fraud.

It is evident from cases like this that security measures need to be in place at every step of the process when you are in possession of sensitive data. A Security Risk Analysis can help you assess and remediate vulnerabilities during every step of your workflow.