Breach taxonomy
Summary
First American Financial Corporation identified unauthorized activity on certain IT systems and on December 20, 2023 elected to isolate those systems from the Internet. The company's primary website became inaccessible or inoperative as a result. The company retained leading experts, worked with law enforcement, and notified certain regulatory authorities. As of the filing date, the duration and extent of the disruption could not be estimated.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to any specific threat actor → UNKNOWN.
MethodsSystem Outage
Filing describes unauthorized activity on IT systems requiring isolation from the internet; no specific attack method disclosed.
AssetsRevenue Process
Filing describes isolation of systems from the internet making the company's primary website inaccessible, disrupting the core revenue-generating platform of a major title insurance company.
EffectsBiz Interruption
System isolation made the primary website inaccessible or inoperative, causing significant business interruption to First American's title insurance and real estate settlement operations.
Business continuityPartial
Filing states the company created a special website for communications about the incident and is working to restore systems, but primary website was inaccessible with duration unknown → Partial.
Impact
Major title insurance company's primary website and systems were taken offline with unknown recovery timeline; significant disruption to real estate settlement operations but scope and duration not yet determined at filing.
InsuranceNot disclosed
Filing makes no mention of insurance.
Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents. First American Financial Corporation recently identified unauthorized activity on certain of its information technology systems. Upon detection of the unauthorized activity, the Company took steps in an effort to contain, assess and remediate the incident. On December 20, 2023, the Company elected to isolate systems from the Internet. The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time. The Company has retained leading experts, is working with law enforcement and notified certain regulatory authorities. During the disruption, the Company's primary website may be inaccessible or inoperative. The Company has created a special website for communications about the incident at the following URL: www.firstamupdate.com. Please access that site for further information.