{"schema_version":"secwatch.filing_event.v1","accession":"0000950170-23-073848","form_type":"8-K/A","ticker":"FAF","cik":"0001472787","company_name":"First American Financial Corp","filed_at":"2023-12-29T23:59:59+00:00","discovered_at":"2026-05-14T18:03:29.171277+00:00","generated_at":"2026-06-07T05:48:28.312194+00:00","sec_items":["1.05","9.01"],"event_type":"cyber","sentiment":"negative","materiality_score":0.8,"calibrated_materiality_score":0.8,"confidence":"high","headline":"First American Financial reports cyber incident with data exfiltration and encryption; systems isolated Dec 20.","bullets":["Dec 20, 2023: Company isolated systems from Internet upon detecting unauthorized activity on IT systems.","Perpetrator accessed systems, exfiltrated data, and encrypted data on certain non-production systems.","Company retained leading experts, worked with law enforcement, and notified regulatory authorities.","Incident contained as of filing date; restoration of systems and normal operations ongoing.","Financial impact assessment still underway; materiality cannot yet be determined."],"urls":{"canonical":"https://secwatch.observer/filing/0000950170-23-073848","json":"https://secwatch.observer/filing/0000950170-23-073848.json","markdown":"https://secwatch.observer/filing/0000950170-23-073848.md","text":"https://secwatch.observer/filing/0000950170-23-073848.txt","edgar_index":"https://www.sec.gov/Archives/edgar/data/1472787/000095017023073848/0000950170-23-073848-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1472787/000095017023073848/faf-20231220.htm"},"model":{"generated_by":"deepseek-v4-flash:cloud@v2","generated_at":"2026-06-07T05:48:28.312194+00:00"},"review":{"review_status":"machine_generated","human_reviewed":false,"corrected":false,"correction_note":null,"correction_timestamp":null,"superseded_by":null,"related_filings":[]},"source_grounded_claims":[{"claim_id":"b2c852ea6bb942790e2eaf29a9b4b8348d7ba1bf","claim":"First American Financial Corp disclosed a cybersecurity incident: unauthorized activity on certain information technology systems; perpetrator accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems. Impact: Company is in the process of restoring access to its systems and resuming normal business operations; material impact cannot be determined yet. Materiality is still being assessed.","evidence_excerpt":"The Company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.","evidence_source":"SEC 8-K Item 1.05","evidence_url":"https://www.sec.gov/Archives/edgar/data/1472787/000095017023073848/0000950170-23-073848-index.htm","confidence":0.9,"family_label":"Cybersecurity Incidents","details":[{"label":"Nature","value":"unauthorized activity on certain information technology systems; perpetrator accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems"},{"label":"Impact","value":"Company is in the process of restoring access to its systems and resuming normal business operations; material impact cannot be determined yet"},{"label":"Materiality","value":"assessing"}],"fact_type":"cyber_incident"}],"license":"Source filings: public domain (SEC EDGAR). Summaries (headline + bullets): CC-BY-4.0; attribute https://secwatch.observer"}