Good afternoon —
Last week, title giant First American settled with the SEC over a cybersecurity violation, paying a small penalty of less than $500K. The security flaw, found in 2019 but dating back to 2003, concerned more than 800 million images, but First American says that the personal information of only 32 consumers was exposed.
In the world of cyber breaches, that's a truly microscopic number of harmed consumers, but it's just the latest reminder that your company is constantly under attack.
The dramatic ransomware takedown of the Colonial Pipeline Co. in April, for example, was the result of a single compromised password for a VPN. Although the VPN account was no longer in use, it still provided access to the company's network.
And we still don't know exactly how hackers got access to Florida's water system, where they raised the amount of lye to poisonous levels. But the hack almost seems inevitable — the IT infrastructure that underpins the state government experiences four million cyberattacks a day. You read that right: four million attacks every single day.
In the case of First American, the company said there was a design defect in an application that made it possible to gain unauthorized access to customer data. Per the SEC's statement: "First American's senior management was completely unaware of this vulnerability and the company's failure to remediate it."
It's chilling to think what vulnerabilities senior leaders in our industry might be unaware of in their own systems. If bad actors are targeting a particular state's infrastructure four million times a day, what would the total be for all of the companies involved in the mortgage transaction? It's what you don't see coming that can cause the most harm.
Stay vigilant —
Sarah Wheeler
HousingWire Editor in Chief
EmoticonEmoticon