First American Provides Update on its Investigation Into Reported Information Security Incident
Santa Ana, Calif., June 18, 2019 — First American Financial Corporation advises that it has corrected the reported design defect that created the potential for unauthorized access to certain customer data. The company also advises that the outside forensic firm, which was retained to assist in assessing the extent to which any customer information may have been compromised as a result of the defect, has substantially completed its investigation.
In its investigation to date, which included a review of system logs, the forensic firm, based on guidance from the company, identified 484 files that likely were accessed by individuals without authorization. The company has reviewed 211 of these files to date and determined that only 14 (or 6.6%) of those files contain non-public personal information. The company is in the process of notifying the affected consumers and will offer them complimentary credit monitoring services.
While the company has identified approximately 75,000 additional files that require examination, it believes that the vast majority do not contain non-public personal information. However, each of these files must be examined individually. Because these files consist of imaged documents and, consequently, the data contained in the files cannot be readily searched or sorted, the process of examining each file is intensive. If any non-public personal information is found in these files, the company will notify the affected consumer and offer complimentary credit monitoring services. Consumers who do not wish to wait for this process to be completed and who received a title insurance policy or escrow/closing services from First American Title Insurance Company or one of its affiliates on or after January 1, 2003 can sign up now for complimentary credit monitoring services through https://www.firstam.com/incidentupdate.
Certain statements made herein constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. These forward-looking statements can be identified by the fact that they do not relate strictly to historical or current facts and may contain the words "believe," "anticipate," "expect," "intend," "plan," "predict," "estimate," "project," "will be," "will continue," "will likely result," or other similar words and phrases or future or conditional verbs such as "will," "may," "might," "should," "would," or "could."
These forward-looking statements include, without limitation, statements regarding the number of relevant files and other anticipated results of the forensic investigation. These forward-looking statements are based on current expectations and assumptions that may prove to be incorrect. Risks and uncertainties exist that may cause results to differ materially from those set forth in these forward-looking statements. Factors that could cause the anticipated results to differ from those described in the forward-looking statements include, without limitation: factors associated with the completion of the forensic investigation and the risk factors described in the company's quarterly report on Form 10-Q for the quarter ended March 31, 2019, as filed with the Securities and Exchange Commission.
The forward-looking statements speak only as of the date they are made. The company does not undertake to update forward-looking statements to reflect circumstances or events that occur after the date the forward-looking statements are made.