“We take it very, very serious and first of all, we structure our databases and our operating systems,” Mr. Gilmore said. Mr. Shoval contacted Mr. Krebs, who maintains a well-respected security news site, after getting little response from the company. Mr. Krebs notified First American and waited for the company to fix the flaw before publicizing it. Most of the 885 million exposed files were wire transactions with bank account numbers, data that First American collects because it is a widely used seller of real estate title insurance. “This is the kind of weakness that should have been found in a basic security assessment of the company’s website,” Mr. Krebs said.

Source: New York Times May 24, 2019 23:15 UTC