About 885 million mortgage documents dating back to 2003 have been exposed by a data breach within First American Financial Corp., a title insurance provider.
The breach exposed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images online.
Anyone who knew the URL for a valid document at First American’s website could view other documents by modifying just a single digit within the link.
“The exposure suffered by First American underscores the need for a comprehensive approach to securing systems and networks, especially areas that house sensitive information,” Bob Rudis, chief data scientist at the Rapid7 Labs security company, told USA Today. “Firewalls, anti-malware solutions, and other security-specific controls are not sufficient to reduce unwanted exposure.”