---
schema_version: "secwatch.filing_event.v1"
accession: "0000950170-23-073848"
form_type: "8-K/A"
ticker: "FAF"
cik: "0001472787"
company_name: "First American Financial Corp"
filed_at: "2023-12-29T23:59:59+00:00"
generated_at: "2026-06-07T05:48:28.312194+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.8
calibrated_materiality_score: 0.8
confidence: "high"
source: SEC EDGAR
---

# First American Financial reports cyber incident with data exfiltration and encryption; systems isolated Dec 20.

## Summary
- Dec 20, 2023: Company isolated systems from Internet upon detecting unauthorized activity on IT systems.
- Perpetrator accessed systems, exfiltrated data, and encrypted data on certain non-production systems.
- Company retained leading experts, worked with law enforcement, and notified regulatory authorities.
- Incident contained as of filing date; restoration of systems and normal operations ongoing.
- Financial impact assessment still underway; materiality cannot yet be determined.

## SEC filing metadata
- accession: 0000950170-23-073848
- form_type: 8-K/A
- ticker: FAF
- cik: 0001472787
- company_name: First American Financial Corp
- filed_at: 2023-12-29T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.8
- calibrated_materiality_score: 0.8
- confidence: high
- sec_items: 1.05, 9.01
- EDGAR index: https://www.sec.gov/Archives/edgar/data/1472787/000095017023073848/0000950170-23-073848-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/1472787/000095017023073848/faf-20231220.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0000950170-23-073848
- JSON: https://secwatch.observer/filing/0000950170-23-073848.json
- Plain text: https://secwatch.observer/filing/0000950170-23-073848.txt

## Key facts
- Cybersecurity Incidents
  First American Financial Corp disclosed a cybersecurity incident: unauthorized activity on certain information technology systems; perpetrator accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems. Impact: Company is in the process of restoring access to its systems and resuming normal business operations; material impact cannot be determined yet. Materiality is still being assessed.
  - Nature: unauthorized activity on certain information technology systems; perpetrator accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems
  - Impact: Company is in the process of restoring access to its systems and resuming normal business operations; material impact cannot be determined yet
  - Materiality: assessing
  source text: The Company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.
  evidence_url: https://www.sec.gov/Archives/edgar/data/1472787/000095017023073848/0000950170-23-073848-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.