ALTA warns title companies of industry breach

The American Land Title Association (ALTA) has updated an alert of a breach within the title and settlement industry which revealed non-public personal information – a breach which might have come from more than one company. It is not, however, a breach of ALTA's systems, as has erroneously been reported elsewhere.

ALTA said its information technology department is examining the information provided by a person claiming to be an ethical hacker.

In an update issued last week, ALTA said its analysis found:

182 unique email addresses (note that some email addresses are listed more than once with different associated passwords).

154 unique domains (note that some domains were listed more than once with different associated email addresses).

ALTA said it would contact ALTA member and licensee companies whose domains were listed by Wednesday night, July 10. Non-member or non-licensee companies who are immediately concerned can contact [email protected] for the best way to reach ALTA regarding this situation.

“A person claiming to be an ethical hacker contacted ALTA via Twitter and provided files that contain approximately 600 data entries consisting of domain identification, IP addresses, usernames and passwords,” ALTA said in its alert. “The data contains information for non-title companies as well.

“There is no indication the data comes from a specific system breach. There are no signs that the credentials are still active or how they were obtained. We believe this person is also contacting individuals and companies they can identify from the data.”

ALTA said in its alert that its staff was analyzing the information provided by the hacker and that the association would reach out to companies if data was determined to be connected to specific title and settlement firms.

“In the meantime, it's important to watch for unauthorized access to your system,” ALTA cautioned. “If you suspect that any contact information was obtained or your system was accessed, alert your IT department or engage an IT specialist to implement your information security program and response plan.”

Steps the association recommended taking included scanning systems and devices for malware, updating and/or patching software and operating systems and requiring staff to update and change passwords, especially those containing customer information and banking services.

“We also suggest reporting any suspicious emails to the Federal Bureau of Investigation Internet Crime Complaint Center at www.ic3.gov,” the alert concluded. “If you have additional information about this incident or similar attacks, please contact ALTA’s IT staff at [email protected].”