Industry Letter

Date: December 27, 2023

To: Chief Information Security Officers

Subject: First American Financial & Email Vigilance

This email is intended for your organization’s Chief Information Security Officer(CISO) or equivalent. Please forward this message to your CISO if you are not the intended recipient.

While you may already be aware of the cybersecurity incident impacting First American Financial Corporation (First American), the New York State Department of Financial Services (DFS) brings to your attention a related warning issued by First American regarding emails from its systems.

On December 21, First American announced it had discovered unauthorized activity on certain of its information technology systems. First American further reports that it has isolated its systems, including its email server, and warns from its update site ( that, at this time, “any recipient of an email purporting to be from First American, First American Title or from should be vigilant about cybersecurity risks and avoid clicking on unknown or suspect links.”

Now and always, it is important to remind personnel to remain cautious and vigilant when handling emails containing links and attachments as these may carry malicious payloads or lead users to malicious websites.

Take care, be vigilant, and have a safe holiday season.