AM Best Comments on Credit Ratings of First American Financial Corporation and Its Title Insurance Subsidiaries Following Alleged Data Security Incident

OLDWICK, N.J.–(BUSINESS WIRE)–AM Best has commented that the Financial Strength Rating of A
(Excellent) and the Long-Term Issuer Credit Ratings (Long-Term ICR) of
“a” of the members of First American Title Insurance Group, as well as
the Long-Term ICR of “bbb” of the parent holding company, First American
Financial Corporation (First American) (Delaware) [NYSE:FAF], remain
unchanged following the organization’s announcement that investigations
into a reported information security incident are ongoing. (See below
for a detailed listing of the companies.)

Concurrent with the announcement, First American on May 28, 2019, filed
a Form 8-K, which is in accordance with U.S. Securities and Exchange
Commission requirements. The Form 8-K discloses that the alleged
information exposure was discovered by an individual who claimed to have
had access to hundreds of millions of personal documents that were
available due to a security lapse in one of First American’s customer
web portal. This alleged information security incident was brought to
the attention of First American by a cybersecurity expert who was in the
process of publishing a related article on First American on May 27.

Immediately after learning of the alleged information security incident
(and before the article was published), the company discontinued all
external access to the application in question, and shortly thereafter,
hired a forensic auditor to investigate the matter and filed the 8-K. To
date, First American and its forensic auditor have found no evidence of
a large-scale data breach and the company continues to work with its
external partners to ensure that these and any related information
technology security vulnerabilities have been resolved. In addition,
First American is in discussion with various regulators, including the
New York State Department of Financial Services.

AM Best is in discussions with First American and believes management is
diligently working through this matter with its team and third-party
providers. First American management believes they have identified and
resolved these security weaknesses, and at this point, have found no
evidence that exploitation of customer data (other than by the reporter
and his source) or ransom attempts have occurred, nor have any signs of
a massive security breach been identified.

While an incident such as this generally raises concerns regarding
enterprise risk management controls, AM Best believes vulnerabilities to
information security incidents like the one that allegedly has occurred
at First American are universal and that insurers are not immune to
potential IT security lapses. Being one of the largest title insurers in
the United States, First American understands the importance of keeping
personal records secure. Management has expressed a high degree of
commitment to restoring customer confidence and ensuring that all
customer information is safeguarded. Although incidents such as this can
adversely affect a company’s brand and reputation, management has been
in discussions with many of its key customers and envisions minimal
impact to revenue. Since there has been no evidence of damages resulting
from the information security incident, at this stage of its
investigation, management views the financial impact from potential
litigation to be immaterial.

First American has implemented remedial actions and is engaging
third-party service providers to undertake a comprehensive review of the
facts and circumstances around this weakness. AM Best plans to monitor
this on an ongoing basis and discuss with management the forensic audit
findings, as well as any recommendations adopted to enhance security and
internal controls to ensure this vulnerability has been corrected.

The following companies are the members of the First American Title
Insurance Group:

• First American Title Insurance Company
• First American Title Insurance Company of Australia Pty Limited
• First American Title Insurance Company of Louisiana
• First Title Insurance plc
• Ohio Bar Title Insurance Company

This press release relates to Credit Ratings that have been published
on AM Best’s website. For all rating information relating to the release
and pertinent disclosures, including details of the office responsible
for issuing each of the individual ratings referenced in this release,
please see AM Best’s Recent
Rating Activity web page. For additional information
regarding the use and limitations of Credit Rating opinions, please view Understanding
Best’s Credit Ratings. For information on the proper media
use of Best’s Credit Ratings and AM Best press releases, please view Guide
for Media – Proper Use of Best’s Credit Ratings and AM Best Rating
Action Press Releases.

AM Best is a global rating agency and information provider with a
unique focus on the insurance industry. Visit www.ambest.com
for more information.

Copyright © 2019 by A.M. Best Rating Services, Inc. and/or its
affiliates. ALL RIGHTS RESERVED.

Contacts

Kourtnie Beckwith
Financial Analyst
+1 908
439 2200, ext. 5124
kourtnie.beckwith@ambest.com

Fred Eslami
Associate Director
+1 908 439
2200, ext. 5406
fred.eslami@ambest.com

Christopher Sharkey
Manager, Public Relations
+1
908 439 2200, ext. 5159
christopher.sharkey@ambest.com

Jim Peavy
Director, Public Relations
+1 908
439 2200, ext. 5644
james.peavy@ambest.com