{"schema_version":"secwatch.filing_event.v1","accession":"0000950170-23-072513","form_type":"8-K","ticker":"FAF","cik":"0001472787","company_name":"First American Financial Corp","filed_at":"2023-12-22T23:59:59+00:00","discovered_at":"2026-05-14T18:03:29.172081+00:00","generated_at":"2026-06-07T07:49:19.374121+00:00","sec_items":["1.05","9.01"],"event_type":"cyber","sentiment":"negative","materiality_score":0.6,"calibrated_materiality_score":0.6,"confidence":"high","headline":"First American Financial discloses cybersecurity incident; systems isolated Dec 20, impact undetermined","bullets":["Unauthorized activity detected on IT systems; company isolated systems from internet on Dec 20, 2023.","Retained leading experts, working with law enforcement, notified regulators; primary website may be inaccessible.","Special website created at firstamupdate.com for incident communications; assessing financial impact, not yet determined.","No estimate provided for duration of disruption or extent of data compromise."],"urls":{"canonical":"https://secwatch.observer/filing/0000950170-23-072513","json":"https://secwatch.observer/filing/0000950170-23-072513.json","markdown":"https://secwatch.observer/filing/0000950170-23-072513.md","text":"https://secwatch.observer/filing/0000950170-23-072513.txt","edgar_index":"https://www.sec.gov/Archives/edgar/data/1472787/000095017023072513/0000950170-23-072513-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1472787/000095017023072513/faf-20231220.htm"},"model":{"generated_by":"deepseek-v4-flash:cloud@v2","generated_at":"2026-06-07T07:49:19.374121+00:00"},"review":{"review_status":"machine_generated","human_reviewed":false,"corrected":false,"correction_note":null,"correction_timestamp":null,"superseded_by":null,"related_filings":[]},"source_grounded_claims":[{"claim_id":"61d9e04641c766c1c993794ea993d7b553f698b6","claim":"First American Financial Corp disclosed a cybersecurity incident: unauthorized activity on certain information technology systems. Impact: cannot estimate duration or extent of disruption; primary website may be inaccessible. Materiality is still being assessed.","evidence_excerpt":"The Company is also assessing the impact of the incident and whether it may have a material impact on its financial condition and results of operations, which at this point cannot be determined.","evidence_source":"SEC 8-K Item 1.05","evidence_url":"https://www.sec.gov/Archives/edgar/data/1472787/000095017023072513/0000950170-23-072513-index.htm","confidence":0.9,"family_label":"Cybersecurity Incidents","details":[{"label":"Nature","value":"unauthorized activity on certain information technology systems"},{"label":"Impact","value":"cannot estimate duration or extent of disruption; primary website may be inaccessible"},{"label":"Materiality","value":"assessing"}],"fact_type":"cyber_incident"}],"license":"Source filings: public domain (SEC EDGAR). Summaries (headline + bullets): CC-BY-4.0; attribute https://secwatch.observer"}