The New York State Department of Financial Services (DFS) has imposed a $1 million penalty on First American Title Insurance Co. following a significant cybersecurity breach in May 2019 that exposed sensitive consumer information. The company, which collects and stores personal and financial data in real estate transactions, had a vulnerability in its EaglePro application. This flaw allowed unauthorized access to private documents, compromising the security of consumer data.
DFS’s investigation revealed that First American Title Insurance breached several cybersecurity regulations. The company lacked effective measures in governance, classification, access controls, identity management, and risk assessment. These shortcomings in its cybersecurity framework left the EaglePro application susceptible to unauthorized access, putting consumer information at risk.
In response to the incident, alongside the imposed penalty, First American Title Insurance has agreed to undertake remedial actions to enhance data security and protect consumer information. This enforcement action by DFS underscores the increasing importance of robust cybersecurity practices in the financial services industry. The DFS cybersecurity regulation, effective since March 2017, aims to safeguard New York businesses and consumers against evolving cyber threats, with recent amendments strengthening its reach and impact.