---
schema_version: "secwatch.filing_event.v1"
accession: "0000950170-23-072513"
form_type: "8-K"
ticker: "FAF"
cik: "0001472787"
company_name: "First American Financial Corp"
filed_at: "2023-12-22T23:59:59+00:00"
generated_at: "2026-06-07T07:49:19.374121+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.6
calibrated_materiality_score: 0.6
confidence: "high"
source: SEC EDGAR
---

# First American Financial discloses cybersecurity incident; systems isolated Dec 20, impact undetermined

## Summary
- Unauthorized activity detected on IT systems; company isolated systems from internet on Dec 20, 2023.
- Retained leading experts, working with law enforcement, notified regulators; primary website may be inaccessible.
- Special website created at firstamupdate.com for incident communications; assessing financial impact, not yet determined.
- No estimate provided for duration of disruption or extent of data compromise.

## SEC filing metadata
- accession: 0000950170-23-072513
- form_type: 8-K
- ticker: FAF
- cik: 0001472787
- company_name: First American Financial Corp
- filed_at: 2023-12-22T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.6
- calibrated_materiality_score: 0.6
- confidence: high
- sec_items: 1.05, 9.01
- EDGAR index: https://www.sec.gov/Archives/edgar/data/1472787/000095017023072513/0000950170-23-072513-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/1472787/000095017023072513/faf-20231220.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0000950170-23-072513
- JSON: https://secwatch.observer/filing/0000950170-23-072513.json
- Plain text: https://secwatch.observer/filing/0000950170-23-072513.txt

## Key facts
- Cybersecurity Incidents
  First American Financial Corp disclosed a cybersecurity incident: unauthorized activity on certain information technology systems. Impact: cannot estimate duration or extent of disruption; primary website may be inaccessible. Materiality is still being assessed.
  - Nature: unauthorized activity on certain information technology systems
  - Impact: cannot estimate duration or extent of disruption; primary website may be inaccessible
  - Materiality: assessing
  source text: The Company is also assessing the impact of the incident and whether it may have a material impact on its financial condition and results of operations, which at this point cannot be determined.
  evidence_url: https://www.sec.gov/Archives/edgar/data/1472787/000095017023072513/0000950170-23-072513-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.