A design defect in one of First American Financial Corp.'s production applications may have left customers' financial information vulnerable to unauthorized access, The Wall Street Journal reported.
First American Financial said it shut down external access to the application and is looking into the impact of the flaw on the security of customer information. The company also said it asked an outside forensic firm to check whether customer data has been illegally accessed as a result of the defect.
Krebs on Security reported that First American Financial's website may have exposed about 885 million files related to mortgage deals going back to 2003. Customer information that may have been affected include bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and driver's license images.
A person familiar with the matter told the Journal that First American Financial's multilayered security program had not indicated a breach. The person believes no customer data was leaked or transmitted to an external recipient, according to the report.