The regulator is reportedly investigating whether the breach – which exposed 885 million mortgage files – was the result of a violation of federal securities laws
The Securities and Exchange Commission is reportedly investigating a data leak at title insurance giant First American Financial Corp. that exposed hundreds of millions of mortgage documents.
The data leak was first reported in May by security expert Brian Krebs, who runs the website KrebsOnSecurity.com. According to Krebs, First American’s webside exposed 885 million files, including files that featured homebuyers’ and sellers’ bank account numbers and other personal information.
Krebs was initially tipped off by Seattle real estate developer Ben Shoval. Recently, Shoval received a letter from the SEC’s enforcement division that said the agency was investigating the breach to determine if First American had violated securities laws, KrebsOnSecurity reported.
“This investigation is a non-public, fact-finding inquiry,” the letter said. “The investigation does not mean that we have concluded that anyone has violated the law.”
The SEC isn’t the only agency looking into the data breach. In June, the New York Department of Financial Services sent a letter to First American asking when the leak was discovered, what steps were being taken to address the problem, and how many people in New York state had been affected by the breach.
First American is also facing a class-action lawsuit that alleges that it “failed to implement even rudimentary security measures” to avoid the breach.
First American maintains that the breach didn’t cause much harm. In a July statement, the company said that it had identified only 32 consumers whose personal information was likely accessed without authorization, KrebsOnSecurity reported.
“These 32 consumers have been notified and offered complimentary credit monitoring services,” First American said.