Skip to main content
Skip to navigation

Regulatory Enforcement

First American fined $1M by NYDFS over 2019 cybersecurity breach

By Adrianne Appel2023-11-29T19:05:00

Privacy data access

A title insurance company agreed to pay a $1 million fine and implement stronger compliance measures for allegedly not securing customers’ personal data, particularly during a 2019 cybersecurity breach.

First American Title Insurance Company, the second largest title insurer in the nation, did not address a known vulnerability on its proprietary storage platform, EaglePro, before the issue was exposed by a cybersecurity journalist months later, according to the New York State Department of Financial Services (NYDFS). The regulator announced the action Tuesday.

Under the NYDFS’s 2017 Cybersecurity Regulation, First American was required to have controls in place to secure its customer data.

THIS IS MEMBERS-ONLY CONTENT

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
VF discloses data breach impacted 35.5M customers

2024-01-19T19:40:00Z By Kyle Brasseur

Apparel company VF Corp., the owner of brands including The North Face, Vans, and Timberland, disclosed its estimation approximately 35.5 million customers had their personal data stolen as part of a cybersecurity incident it uncovered in December.
News Brief
Genesis Global Trading fined $8M by NYDFS over AML, cyber lapses

2024-01-16T18:24:00Z By Kyle Brasseur

Virtual currency brokerage firm Genesis Global Trading agreed to pay an $8 million penalty levied by the New York State Department of Financial Services for alleged compliance failures that left it vulnerable to illicit activity and cybersecurity threats.
News Brief
OneMain Financial fined $4.25M in NYDFS cybersecurity case

2023-05-25T17:16:00Z By Adrianne Appel

Mortgage servicer OneMain Financial Group will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.

More from Regulatory Enforcement

News Brief
DOJ secures $118 million penalty in FCPA violation case tied to Guatemalan telecom firm

2025-11-20T18:52:00Z By Oscar Gonzalez

The parent company of a telecom subsidiary in Guatemala agreed to pay $118.2 million to settle allegations of improper payments made to government officials, but the U.S. Department of Justice chose not to impose a compliance monitor to administer the firm’s compliance with the Foriegn Corrupt Practices Act (FCPA).
Article
Nursing home chain and former CEO pay $146M each for federal health fraud

2025-11-19T19:58:00Z By Adrianne Appel

A New Jersey and Midwest nursing home chain, and its former chief executive, must pay more than $146 million each for extensive health care fraud for engaging in widespread fraud related to Medicare and Medicaid.
News Brief
U.S. Treasury faces new pressure over unreleased Epstein bank records

2025-11-19T19:18:00Z By Oscar Gonzalez

The release of thousands of emails written by Jeffrey Epstein has sparked a political storm. One Democratic Senator is ramping up pressure for the U.S. Treasury to also disclose the deceased financier’s bank records.