How bad is the 800 million-record First American data breach?

How bad is the 800 million-record First American data breach and can DeleteMe help homeowers who have their private home and personal data exposed?

If you have owned a home or currently own in the United States in the last 15 years, it is likely your personal information may have been exposed.

The information that First American has includes social security numbers, drivers’ licenses, bank accounts, tax records, and of course, detailed information about who owns homes of exactly what value.  The exposed data appears to go back 15 years. 

First American is not a credit bureau like Equifax (where 150M Americans had their full effected in their data breach in 2017) instead it’s a “title insurance” company.  US homeowners are likely familiar with title insurance but if you have never owned a home, it’s a form of insurance that protects a buyer and seller of homes from someone later claiming ownership. 

As Wikipedia says, “Prior to the invention of title insurance, buyers in real estate transactions bore sole responsibility for ensuring the validity of the land title held by the seller. If the title were later deemed invalid or found to be fraudulent, the buyer lost his investment.”

This, of course, means that title insurers like to collect as many official documents that prove the identity and financial status of homeowners as possible.  Their databases are full of this data because that’s “their business”.  Because of the intrinsic nature of the business, title insurers tend to be more concerned with accuracy than with security.  A data breach is a difficult-to-measurable externality in comparison to paying out claims for their insured properties (US title insurers by some estimates pay close to $1bn / year in claims these days). 

Can I find out if my house was part of the 885 million records exposed?

If you’ve owned, bought or sold a house in the last 15 years in the United States, then there is a good chance the answer is yes.  And if hour house is in the database, then it’s likely the other sensitive personal information linked to it is there as well – drivers license, tax history, social security number, and more. 

However, First American doesn’t know if the security breach was taken advantage of broadly – by hackers or others looking for this kind of information.  One problem is that once a big security hole is identified, it can be difficult or even impossible to say with certainty if hackers got it all – imagine leaving the door open by accident and trying to figure out if someone came in and photographed all the rooms in your house but left everything untouched.  This is the analogous problem.

If the First American information was found, downloaded and/or scraped by hackers or data brokers, it can lead to anyone being able to buy and combine detailed information about home owners by doing some simple Google searches.  

Google searches for your home address on Whitepages, Mylife and more

When a hacker or someone snooping around trying to find information about you Google’s your home address, what typically comes up on the first page are paid results from Data Brokers like White Pages and Mylife – offering to sell your personal information to anyone in the world willing to swipe their credit card usually for between $5 and $50. 

Data broker personal information data laundering

Data brokers buy this information from “many sources” which they refuse to disclose.  So the way things can happen in a data breach is: 1. Hacker downloads information from First American, 2. Overseas company buys it from hacker, “cleans it up” so it looks legitimate, 3. US data broker buys it, combines it with their existing info, and sells it.  If asked, the General Counsel of any US data broker will always claim they only buy legal, legitimate information about consumers.  In reality, they don’t know.  And they have an incentive to “look the other way” which they all do and they know it. 

How DeleteMe works to remove your personal home info from Google

DeleteMe works by finding and removing consumers personal information from the sources that come up highest and most often in Google searches for your name + home address online: data brokers.  DeleteMe finds and removes consumers and homeowners from dozens of top data brokers – and monitors these all year long to make sure information stays removed.

Can DeleteMe remove your home address from the internet after the First American breach?

DeleteMe has removed over 12 million home addresses already and is the #1 information removal service in the world.  One reason it is popular is it makes sure the addresses of these residences stay off the data brokers advertising them so the results high up on Google just disappear.  Of course DeleteMe can’t remove every trace of information about consumers home addresses from the Internet – nobody can do that.  But subscribing really does create a lower profile and keeps your home address and information linked to it from being super easy to Google.