Request Your Free Consultation

Our team is standing by to help. Call us at (800) 561-4887 or complete this form to schedule a free consultation with us.

Submitting this form does not create an attorney-client relationship.

Click for Your FREE Case Review Click for Your FREE Case Review


Defendant Name: BEN DINH, individually, and on behalf of all others similarly situated

Case Number: 8:19-cv-01105-AG-DFM


Practice Area: Class Action

Status: Active; Jury Trial Demanded

Date Filed: 06/04/19

Documents: Original Complaint (PDF)

Attorneys Involved: Brian Chase, Ian M. Silvers

Think you have a case? Contact us using the form to the right to have a class action specialist contact you.

Details of the First American Data Breach

On May 24, 2019, cybersecurity researcher Brian Krebs announced that First American published on its website more than 885 million sensitive mortgage documents (the “Data Breach”). These documents contained the confidential, private information of Plaintiff and putative Class members including, but not limited to, their names, email addresses, mailing addresses, dates of birth, social security numbers, bank account numbers, lender details, mortgage and tax records, driver’s license images, and other personal information (collectively, “PII”).

Since the Data Breach was first announced by Brian Krebs, First American has admitted that a design defect in one of its applications exposed the PII of its customers. Based on information and belief, First American hired an independent security forensic company and upon determining there was unauthorized access to Plaintiff and Class member’s PII, First American shut down external access to the application.

While it is unclear when the Data Breach first began, the exposed documents date back to at least 2003 and were made available to the public without any security protection on the First American website. For instance, no username or password was required to view Plaintiff and Class members’ PII, and the webpage lacked industry standard-two factor authentication

The Disappointing Web Design Error that Caused the Data Breach

Most disappointing is that First American allowed the Data Breach to occur, despite it being caused by a relatively common website design error called Insecure Direct Object Reference, which occurs when a link to a webpage with sensitive information is created and intended to only be seen by a specific party, but there is no method to actually verify the identity of who is viewing the link.


First American is the largest title insurance company in the United States, earning $5.3 billion per year in revenue from selling title insurance and other closing services. As Forbes noted in 2006, First American prices its title insurance at 1,300% above its margin cost. The average policy with First American (in 2006) cost about $1,500 but running a title search—now that records are digitized—costs as little as $25. And First American pays only about $75 per policy to pay claims.

Customers believe that—at a minimum—the large sum they pay towards title insurance buys them security and peace of mind that their sensitive documents will be securely stored. As Ben Shoval, the man who discovered the First American breach, explains: “The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, driver’s licenses, account statements ... You give them all kinds of private information and you expect that to stay private.”

Was This Page Helpful? Yes | No

Daily Journal Top Lawyer 2020
See All Ratings And Awards

Have a question that wasn't answered here?

Call Us!

(800) 561-4887

Fill Out Our

Contact Form