First American Financial Corporation (FAFC) disclosed millions of sensitive mortgage documents on an unprotected website. Researchers found a website, “www.firstam.com,” which is part of the FAFC website that was unprotected and contained documents that include bank account numbers, bank statements, mortgage and tax records, social security numbers, wire transaction receipts, and driver’s license images. According to researchers, anyone who knew of the link only needed a 9-digit number to be able to view a file. Anyone would be able to change the 9-digit code and access any information they desired. The files dated back more than 16 years and contained more than 885 million individual records. FAFC was notified of the issue and took the site down and then disabled external access to the application. FAFC is currently doing an internal investigation to determine the extent of the leaked data. It is unclear as to who accessed the data to date and if the information was copied.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is