Seattle-based real estate developer Ben Shoval reportedly notified Krebs that the SEC had sent him a letter saying the agency was looking into the lapse to see if First American had run afoul of securities laws. “This investigation is a non-public, fact-finding inquiry,” the letter is quoted as saying. “The investigation does not mean that we have concluded that anyone has violated the law.”
The vulnerability, uncovered earlier this year, made it possible for anyone with a URL for a valid document to access other people’s bank account numbers, mortgage records, Social Security numbers, tax records and other sensitive documents.