{"schema_version":"secwatch.filing_event.v1","accession":"0000950170-24-004247","form_type":"8-K/A","ticker":"FAF","cik":"0001472787","company_name":"First American Financial Corp","filed_at":"2024-01-12T23:59:59+00:00","discovered_at":"2026-05-14T18:03:24.271513+00:00","generated_at":"2026-06-06T23:51:31.326234+00:00","sec_items":["1.05","9.01"],"event_type":"cyber","sentiment":"negative","materiality_score":0.7,"calibrated_materiality_score":0.7,"confidence":"high","headline":"First American provides update: cyber incident delayed Q4 transactions, lost revenue to Q1 2024","bullets":["Company isolated IT systems on Dec 20, 2023; contained incident and resumed business operations.","Q4 2023 transactions delayed to Q1 2024, shifting revenue recognition; some transactions lost to competitors.","One-time expenses incurred in Q4 2023 as a result of the cybersecurity incident.","Incident expected to materially impact Q4 2023 results, but not overall financial condition or ongoing operations."],"urls":{"canonical":"https://secwatch.observer/filing/0000950170-24-004247","json":"https://secwatch.observer/filing/0000950170-24-004247.json","markdown":"https://secwatch.observer/filing/0000950170-24-004247.md","text":"https://secwatch.observer/filing/0000950170-24-004247.txt","edgar_index":"https://www.sec.gov/Archives/edgar/data/1472787/000095017024004247/0000950170-24-004247-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1472787/000095017024004247/faf-20231220.htm"},"model":{"generated_by":"deepseek-v4-flash:cloud@v2","generated_at":"2026-06-06T23:51:31.326234+00:00"},"review":{"review_status":"machine_generated","human_reviewed":false,"corrected":false,"correction_note":null,"correction_timestamp":null,"superseded_by":null,"related_filings":[]},"source_grounded_claims":[{"claim_id":"6303bbb31defcf273f72c402f84c3cee53a7ab25","claim":"First American Financial Corp disclosed a cybersecurity incident: unauthorized activity on certain of its information technology systems. Impact: material impact on Q4 2023 results of operations; revenue delayed from Q4 2023 to Q1 2024; loss of revenue from transactions moved to other providers; one-time expenses incurred. Materiality is still being assessed.","evidence_excerpt":"As disclosed in the Original Report, the Company identified unauthorized activity on certain of its information technology systems. Upon detection, the Company acted to contain, assess and remediate the incident.","evidence_source":"SEC 8-K Item 1.05","evidence_url":"https://www.sec.gov/Archives/edgar/data/1472787/000095017024004247/0000950170-24-004247-index.htm","confidence":0.9,"family_label":"Cybersecurity Incidents","details":[{"label":"Nature","value":"unauthorized activity on certain of its information technology systems"},{"label":"Impact","value":"material impact on Q4 2023 results of operations; revenue delayed from Q4 2023 to Q1 2024; loss of revenue from transactions moved to other providers; one-time expenses incurred"},{"label":"Materiality","value":"assessing"}],"fact_type":"cyber_incident"}],"license":"Source filings: public domain (SEC EDGAR). Summaries (headline + bullets): CC-BY-4.0; attribute https://secwatch.observer"}