First American Financial Corporation

First American Financial document exposure

An insecure direct object reference (IDOR) flaw on First American Financial's website exposed roughly 885 million title-insurance and mortgage documents — including Social Security numbers, bank account details, and driver's-license images — dating back to 2003, accessible to anyone without authentication.

Victim

First American Financial Corporation

Loss

$1.5M

Records

885.0M