The latest economic and policy trends facing mortgage servicers

Join this webinar for an in-depth roundtable discussion on economic and policy trends impacting servicers as well as a look ahead at strategies servicers should employ in the next year.

2021 RealTrends Brokerage Compensation Report

For the study, RealTrends surveyed all the firms on the 2021 RealTrends 500 and Nation’s Best rankings, asking for annual compensation data for the 2020 calendar year.

Zillow analyst on whether home prices can keep climbing

Today’s episode of HousingWire Daily features an interview with Nicole Bachaud, as she discusses annual and monthly home price appreciation growth, rising inventory levels and rent prices.

Lenders, it’s time to consider offering non-QM products

The non-QM market is making a comeback following a pause in 2020. As lenders rush to implement, Angel Oak is helping them adopt these new lending products.

FintechReal Estate

First American left millions of real estate records exposed

Data included bank account details, mortgage information, tax records and phone numbers

First American shut down external access to an application on Friday after cybersecurity expert Brian Krebs alerted the title insurer that millions of records were exposed online. 

“The digitized records – including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images – were available without authentication to anyone with a Web browser,” Krebs wrote

Krebs, widely followed by security experts via his krebsonsecurity.com website, said the documents he accessed included current records as well as data going back to 2003. He said he didn’t know if anyone had accessed the information for criminal purposes.

“As of the morning of May 24, firstam.com was returning documents up to the present day (885,000,000+), including many PDFs and post-dated forms for upcoming real estate closings,” Krebs wrote. “By 2 p.m. ET Friday, the company had disabled the site that served the records. It’s not yet clear how long the site remained in its promiscuous state, but archive.org shows documents available from the site dating back to at least March 2017.”

Krebs posted an image of a record he got from the site related to the sale of a home in Scottsdale, Arizona. The document included Social Security number, mobile phone number, home address, email address and marital status. Krebs redacted that information to protect the seller’s privacy.

There is no evidence the security hole was exploited, First American said in a regulatory filing today. If that changes, the company will notify affected customers and provide credit monitoring services to them, the company said.

“An outside forensic firm has been retained to aid in assessing the extent to which any customer information may have been compromised,” First American said in the filing with the Securities and Exchange Commission. “Though the ongoing investigation is in its early stages, at this time there is no indication that any large-scale unauthorized access to sensitive customer information occurred.”

First American set up a web page it said it will use to provide updates on the security incident. Click here to access it.

Also included in the SEC filing was a statement from First American CEO Dennis Gilmore: “We deeply regret the concern this defect has caused. We are thoroughly investigating this matter and are fully committed to protecting the security, privacy and confidentiality of the information entrusted to us by our customers.”

Earlier, First American gave the following statement to Krebs:

“First American has learned of a design defect in an application that made possible unauthorized access to customer data. At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”

Krebs detailed how criminals could use the information if they downloaded it before First American blocked access:

“The information exposed by First American would be a virtual gold mine for phishers and scammers involved in so-called Business Email Compromise (BEC) scams, which often impersonate real estate agents, closing agencies, title and escrow firms in a bid to trick property buyers into wiring funds to fraudsters,” Krebs wrote. 

“According to the FBI, BEC scams are the most costly form of cybercrime today,” he said. “Armed with a single link to a First American document, BEC scammers would have an endless supply of very convincing phishing templates to use. A database like this also would give fraudsters a constant feed of new information about upcoming real estate financial transactions – including the email addresses, names and phone numbers of the closing agents and buyers.”

Publisher’s Note: This story has been updated by HousingWire to reflect information impact categories per standards set by the National Institute of Standards and Technology and other information security experts. At this time, per HousingWire definitions, the Publisher is classifying this incident as a data exposure. (June 3, 2019)

 

Most Popular Articles

These are the hottest housing markets in America

A housing market report from RE/MAX found that 36 of 51 metro areas had double-digit year over year sale price increases in August. Boise led the way.

Sep 17, 2021 By

Latest Articles

Housing permits hold the key for economic expansion

Housing permits, for me, is one of the most important housing and economic data lines we have in America. As long as housing permits are moving upward, not only is housing doing ok but the economic expansion is moving along nicely post-1996. HW+ Premium Content.

Sep 21, 2021 By
3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please