Bisnar Chase Practice Areas and Locations

Do I have a class action case?

Free Case Evaluation - Our full time staff is ready to evaluate your case submission and will respond in a timely manner.

*Submitting this form does not create an attorney-client relationship*

Do I have a class action case?

Free Case Evaluation - Our full time staff is ready to evaluate your case submission and will respond in a timely manner.

FIRST AMERICAN FINANCIAL CORPORATION ; FIRST AMERICAN TITLE COMPANY

Defendant Name: BEN DINH, individually, and on behalf of all others similarly situated

Case Number: 8:19-cv-01105-AG-DFM

Court: UNITED STATES DISTRICT COURT CENTRAL DISTRICT OF CALIFORNIA

Practice Area: Class Action

Status: Active; Jury Trial Demanded

Date Filed: 06/04/19

Documents: Original Complaint (PDF)

Attorneys Involved: Brian Chase, Jerusalem Beligan, Ian M. Silvers

Think you have a case? Contact us using the form above to have a class action specialist contact you.

Details of the First American Data Breach

On May 24, 2019, cybersecurity researcher Brian Krebs announced that First American published on its website more than 885 million sensitive mortgage documents (the “Data Breach”). These documents contained the confidential, private information of Plaintiff and putative Class members including, but not limited to, their names, email addresses, mailing addresses, dates of birth, social security numbers, bank account numbers, lender details, mortgage and tax records, driver’s license images, and other personal information (collectively, “PII”).

Since the Data Breach was first announced by Brian Krebs, First American has admitted that a design defect in one of its applications exposed the PII of its customers. Based on information and belief, First American hired an independent security forensic company and upon determining there was unauthorized access to Plaintiff and Class member’s PII, First American shut down external access to the application.

While it is unclear when the Data Breach first began, the exposed documents date back to at least 2003 and were made available to the public without any security protection on the First American website. For instance, no username or password was required to view Plaintiff and Class members’ PII, and the webpage lacked industry standard-two factor authentication

The Disappointing Web Design Error that Caused the Data Breach

Most disappointing is that First American allowed the Data Breach to occur, despite it being caused by a relatively common website design error called Insecure Direct Object Reference, which occurs when a link to a webpage with sensitive information is created and intended to only be seen by a specific party, but there is no method to actually verify the identity of who is viewing the link.

CLASS ACTION ALLEGATIONS

First American is the largest title insurance company in the United States, earning $5.3 billion per year in revenue from selling title insurance and other closing services. As Forbes noted in 2006, First American prices its title insurance at 1,300% above its margin cost. The average policy with First American (in 2006) cost about $1,500 but running a title search—now that records are digitized—costs as little as $25. And First American pays only about $75 per policy to pay claims.

Customers believe that—at a minimum—the large sum they pay towards title insurance buys them security and peace of mind that their sensitive documents will be securely stored. As Ben Shoval, the man who discovered the First American breach, explains: “The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, driver’s licenses, account statements ... You give them all kinds of private information and you expect that to stay private.”

Have a question that wasn't answered here?