The headquarters of the US Securities and Exchange Commission (SEC) is seen in Washington, DC, January 28, 2021. (Photo by SAUL LOEB/AFP via Getty Images)
The commission said First American's information security personnel spotted the vulnerability months earlier, but didn't fix it or notify company brass.