The US Securities and Exchange Commission fined a $ 487,616 title insurance company for failing to adequately disclose a cybersecurity vulnerability that exposed sensitive customer information, the agency said Tuesday.
The SEC said in a statement that on May 24, 2019, a cybersecurity journalist announced Santa Ana, California-based First American Financial Corp. about a vulnerability in its application to share document images that exposed more than 800 million images from 2003, including images containing sensitive personal data such as social security and financial information
First American published a press release on the vulnerability on May 24, 2019 and submitted a Form 8-K to the SEC on May 28, 201
Kristina Littman, head of the SEC's cyber unit, said in a statement: "Issuers must ensure that information that is important to investors is reported up the corporate ladder to those responsible for disclosures."
An order issued by the SEC charges companies in violation of the Securities Exchange Act of 1934. The first American agreed to a termination and to pay the fine without acknowledging or denying the SEC's results, the statement said.
The company said in a statement, "We are pleased to resolve this issue with the SEC and continue to comply with all SEC disclosure requirements."
In July 2019, First American, which is one of the largest title insurance providers in the United States, the first insurer accused of violating the New York State Department of Financial Services' 2017 issue of the Cybersecurity Ordinance in connection with the issue.
Los Angeles in October 2019.