In an alert posted to its website, the American Land Title Association (ALTA) said it has been told of a breach within the title and settlement industry which revealed non-public personal information – a breach which might have come from more than one company.
ALTA said its information technology department is examining the information provided by a person claiming to be an ethical hacker.
“A person claiming to be an ethical hacker contacted ALTA via Twitter and provided files that contain approximately 600 data entries consisting of domain identification, IP addresses, usernames and passwords,” ALTA said in its alert. “The data contains information for non-title companies as well.
“There is no indication the data comes from a specific system breach. There are no signs that the credentials are still active or how they were obtained. We believe this person is also contacting individuals and companies they can identify from the data.”
ALTA said in its alert that its staff was analyzing the information provided by the hacker and that the association would reach out to companies if data was determined to be connected to specific title and settlement firms.
“In the meantime, it's important to watch for unauthorized access to your system,” ALTA cautioned. “If you suspect that any contact information was obtained or your system was accessed, alert your IT department or engage an IT specialist to implement your information security program and response plan.”
Steps the association recommended taking included scanning systems and devices for malware, updating and/or patching software and operating systems and requiring staff to update and change passwords, especially those containing customer information and banking services.
“We also suggest reporting any suspicious emails to the Federal Bureau of Investigation Internet Crime Complaint Center at www.ic3.gov,” the alert concluded. “If you have additional information about this incident or similar attacks, please contact ALTA’s IT staff at vulnerabilities@americanlandtitleassociation.org.”