First American Financial Sued Over Alleged Data Breach

Bloomberg) -- First American Financial Corp., one of the biggest title insurers in the U.S., was sued by a client who claims the company’s lax security measures put him at risk of identity theft, along with millions of others whose personal information could be easily accessed through its website.

Pennsylvania resident David Gritz, who bought and flipped multiple houses, contends that First American Financial and First American Title “allowed anyone to access sensitive files of millions of customers,’’ by using document identification numbers that were sequential.

The lawsuit filed Monday in California follows the revelation Friday in an article by Brian Krebs, a cybersecurity expert, who said 885 million files were available without authentication to anyone with a web browser. The files going back to 2003 contained bank account numbers, social security numbers and financial and tax records, Gritz’s lawyers said.

First American Plunges Most Since 2011 on Data Breach Concerns

Gritz is suing on behalf of millions of customers nationwide whose data was compromised. First American “failed to implement even rudimentary security measures,’’ according to the complaint.

First American has shut down external access and retained an outside forensic firm to determine the extent any customer information might have been compromised, the company said in a statement on its website. “At this time there is no indication that any large-scale unauthorized access to sensitive customer information occurred,’’ the company said.

The case is Gritz v. First American Financial Corp., 19-cv-01009, U.S. District Court, Central District of California (Santa Ana).