Anyone with a URL for a valid document could view other documents by modifying a single digit in the URL. Viewing another document did not require authentication.
The records exposed by the website included:
- Social Security numbers
- Mortgage and tax records
- Bank account numbers and statements
- Wire transaction receipts
- Driver’s license images
A data exposure or data leak is different from a data breach. In a breach, unauthorized access to sensitive information is intentional. In a data exposure like this one, the sensitive information is left out in the open, often because improper security measures were used.
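The flaw described above (changing one digit in a document URL, with no authentication required) comes down to a missing access check on each request. As an added example, not code from First American or from the original article, this Python sketch puts that pattern beside a lookup that requires a logged-in user and checks ownership; the document store, user names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str

# Constructed sample data: IDs, owners and contents are invented.
DOCUMENTS = {
    1001: Document(1001, "alice", "wire receipt (constructed)"),
    1002: Document(1002, "bob", "tax record (constructed)"),
}

class AccessDenied(Exception):
    """Raised when the caller may not read the requested document."""

def fetch_exposed(doc_id: int) -> str:
    """Flawed pattern: the number in the URL is the only thing checked."""
    return DOCUMENTS[doc_id].body

def fetch_authorized(doc_id: int, session_user: Optional[str]) -> str:
    """Require an authenticated user and verify ownership on every request."""
    if session_user is None:
        raise AccessDenied("authentication required")
    doc = DOCUMENTS.get(doc_id)
    # Same error for "missing" and "not yours", so responses
    # do not reveal which document numbers exist.
    if doc is None or doc.owner != session_user:
        raise AccessDenied("not found or not permitted")
    return doc.body

def readable(fetch: Callable[[int], str], ids: Iterable[int]) -> List[int]:
    """Return the IDs a lookup will serve; usable as a regression check."""
    served = []
    for doc_id in ids:
        try:
            fetch(doc_id)
            served.append(doc_id)
        except (AccessDenied, KeyError):
            pass
    return served

if __name__ == "__main__":
    nearby = range(1000, 1004)
    print("no check:   ", readable(fetch_exposed, nearby))
    print("owner check:", readable(lambda i: fetch_authorized(i, "alice"), nearby))
```

Running `readable` over a range of neighbouring IDs as part of a test suite catches a handler that serves documents the current user does not own.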
According to a First American Financial Corp. spokesperson, the company took immediate action to shut down external access to the application and is evaluating the impact of the exposure on the security of customer information.
If you're a First American customer, there isn't a lot you can do to protect yourself against the possibility that your data was stolen as a result of this exposure, but there are some other measures you can take.
“Watch your bank and credit card statements for suspicious activity. Consider purchasing credit monitoring or, better yet, avail yourself of a free credit monitoring offer from another security incident your data was involved in. You can also consider a credit freeze,” advises Wired.com.