ALTA has learned that title and settlement company usernames and passwords have been allegedly acquired using a phishing campaign.
A person claiming to be an ethical hacker contacted ALTA via Twitter and provided files that contain approximately 600 data entries consisting of domain identification, IP addresses, usernames and passwords. The data contains information for non-title companies as well.
There is no indication the data comes from a specific system breach. There are no signs that the credentials are still active or how they were obtained. We believe this person is also contacting individuals and companies they can identify from the data.
ALTA’s IT department is analyzing the information. We will reach out to individual companies if any data is connected to specific title and settlement companies.
In the meantime, it’s important to watch for unauthorized access to your system. If you suspect that any contact information was obtained or your system was accessed, alert your IT department or engage an IT specialist to implement your information security program and response plan.
Some steps you can take to protect your system include:
- scanning your systems and devices to make sure that you are free from malware
- update or patch your software and operating systems
- require your staff to update and change system passwords, especially those containing customer information and banking services
We also suggest reporting any suspicious emails to the Federal Bureau of Investigation Internet Crime Complaint Center at www.ic3.gov. If you have additional information about this incident or similar attacks, please contact ALTA’s IT staff at vulnerabilities@americanlandtitleassociation.org.
Click on the link below to read the complete article online at ALTA.org