Threat Management

SEC, First American reach settlement over widespread data leak

CyberScoop reports that the Securities and Exchange Commission and First American Financial have settled charges for the real estate insurer's data leak in 2019, which resulted in the exposure of over 800 million document images.

First American, which has been charged for inadequate disclosure of the security vulnerability that prompted the massive data leak, will be paying a $487,616 fine to the SEC. According to the SEC, First American first disclosed the flaw months after it was identified by its information security staff, who did not fix the vulnerability and properly inform the company's top executives.

"As a result of First American's deficient disclosure controls, senior management was completely unaware of this vulnerability and the company's failure to remediate it. Issuers must ensure that information important to investors is reported up the corporate ladder to those responsible for disclosures," said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit.

"We're pleased to resolve this matter with the SEC and remain committed to compliance with all SEC disclosure control requirements," First American stated.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.