Data of millions of clients of U.S insurance company left unprotected

Data of millions of clients of U.S insurance company left unprotected

A website for a major title insurance company exposed hundreds of millions of records including bank account information, Social Security numbers, images of drivers’ licenses and mortgage and tax records, security expert Brian Krebs found.

First American Financial, which serves as a neutral party to help finalize real estate transactions, left approximately 885 million exposed to anyone who had the correct URL, Krebs found. No password was needed, just a web browser.

The information was secured on Friday, and it’s unclear if fraudsters accessed or abused the data before it was taken down.

A real estate developer reportedly alerted Krebs to the problem after he noticed he could access sensitive documents on the First American website by altering the string of digits at the end of a URL. The earliest document identified was from 2003 and the data included records through 2019.

Read also: Japan’s maiden commercially developed rocket reaches outer space for the first time

In a statement, First American said it fixed the problem.

“We are currently evaluating what effect, if any, this had on the security of customer information,” the company said. “We have hired an outside forensic firm to assure us that there has not been any meaningful unauthorized access to our customer data.”

The flaw is another example of how organizations can leak sensitive data through basic errors. On Tuesday, Google revealed findings it had been inadvertently storing some user passwords in plaintext, eschewing the industry standard practice of encrypting login credentials.

And on Wednesday, a researcher detailed how Instagram had been including personal contact information for users in its website’s source code.

Join the conversation


About the author

Ripples Nigeria

We are an online newspaper, very passionate about Nigerian politics, business and their leaders. We dig deeper, without borders and without fears.

Do NOT follow this link or you will be banned from the site!