American Land Title Association Suffers Data Breach Compromising Over 600 Company Records
- The files obtained from the hacker contained almost 600 data entries for title and non-title companies.
- The data included domain identification, IP addresses, usernames, and passwords.
The American Land Title Association (ALTA) suffered a data breach compromising hundreds of company records in a phishing campaign.
ALTA is the U.S. national trade association representing nearly 6000 title insurance companies, title and settlement agents, independent abstracters, title searchers, and real estate attorneys.
An ethical hacker contacted ALTA via twitter and provided files that contained company records. Upon which, ALTA's IT department begun analyzing the records obtained from the hacker.
The land title association is planning to implement an information security program and response plan in order to protect the companies' data and systems from data theft and leaks.
“There is no indication the data comes from a specific system breach. There are no signs that the credentials are still active or how they were obtained. We believe this person is also contacting individuals and companies they can identify from the data,” the national trade association said.
What information was compromised?
The files obtained from the hacker contain almost 600 data entries for title and non-title companies. The data included domain identification, IP addresses, usernames, and passwords.
What can you do to protect yourself?
- ALTA recommends the potentially impacted companies to monitor their systems for unauthorized access, and in case of any suspicious access immediately alert their IT departments.
- The national trade association also recommends reporting any suspicious emails to the Federal Bureau of Investigation Internet Crime Complaint Center.
The association also suggested some steps to protect company systems which includes:
- Scanning all the systems and devices for malware.
- Updating or patching the installed software and operating systems.
- Requiring company staff to update and change system passwords, especially those containing customer information and banking services.