First American says its funds are secure despite cyberattack

Title insurance company First American said all funds held at First American Trust and third-party partner banks remain secure despite a cyberattack affecting company operations since last week.

The real estate giant provided several updates on a cyberattack first announced Dec. 21 in a brief advisory posted on a temporary website.

On Wednesday, the company said that despite the “unfortunate disruption to normal business operations,” it is still able to process funds “securely.”

“Our bank, First American Trust, continues to accept incoming wire transfers, and all funds from First American Trust and our third-party partner banks remain secure,” they said.

The company also wrote on its temporary website Friday that its email system had been taken offline and warned customers to be wary of emails claiming to be from First American, First American Title or FirstAm.com.

This notice came after First American regulatory documents filed with the SEC on December 22 notifying the agency of the cyberattack.

The company did not respond to requests for comment on whether the incident is a ransomware attack. The 8-K filing with the SEC indicates that the company recently identified unauthorized activity on certain systems and has since isolated the systems from the Internet.

“The Company is working diligently to restore these systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time,” First American said.

“The Company has retained leading experts, is working with law enforcement and has notified certain regulatory authorities. During the disruption, the company’s main website may be inaccessible or inoperable.

In reference to recent regulations instituted by the SEC, First American said it is “still evaluating the impact of the incident and whether it could have a material impact on its financial condition and results of operations, which does not can be determined at this stage.

Last week, new rules came into force requiring companies to promptly disclose “significant” cybersecurity incidents and share details of their cybersecurity risk management, strategy and governance with the commission annually.

Companies must report issues in 8-K filings within four business days unless the U.S. Attorney General determines that disclosure would threaten national security or public safety.

First American is one of the largest providers of title insurance and settlement services to U.S. real estate companies and mortgage originators.

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.