(Reuters) – AMERICAN real estate title insurance company First American Financial Corp said on Friday it had learned of a design defect in one of the production applications that had made possible unauthorized access to customer data.
The decision is sent in response to a report from security news website Krebs on Security, who said that the First American web site had exposed about 885 million files dating back to 2003.
First American said it had shut down access to the application and was evaluating the impact of the defect.
“We are currently evaluating what effect, if any, this had on the security of the customer data. We have hired an outside forensic company to assure us that there is no meaningful unauthorized access to our customer data,” First American said in a statement via e-mail.
Digitised documents, such as bank account numbers and statements, mortgage and tax records, social security numbers, wire transaction receipts, and driver’s license images were available without authentication to anyone with a web browser, according to the Krebs on Security report little.ly/2HQUbkj.
The report added that there is no information about the question or fraudsters had been aware of the exposure.
First American Financial shares fell 2.2 percent to $54.05 in after-market trading.
Reporting by Kanishka Singh in Bengaluru, Editing by Rosalba O’brien