The title insurer and real estate services provider Tuesday disclosed the scope of the hack for the first time in a Securities and Exchange Commission filing. First American hasn't defined the hack as a cyberattack, but said its probe was completed and that individual's personal information may have been accessed without authorization. 

The incident, discovered Dec. 21, forced First American's systems to go offline for a week, a move which led its competitors to pick up its business. First American acknowledged the hack hurt its revenue in its fourth quarter earnings. 

The company said it would notify potentially affected clients and offer them complimentary credit monitoring and identity protection services. Tuesday's announcement was posted underneath a company disclosure regarding election results for its board of directors.

The hack on First American came amid a wave of cyberattacks on mortgage players, including major hits to Mr. Cooper and Loandepot. Both of those giants also said their respective data breaches hurt quarterly earnings. 

First American had $46.7 million in net income to begin the year, both a quarterly and annual improvement. Its title revenue however dropped slightly year-over-year to $1.32 billion. Company leaders said the December incident wouldn't harm business moving forward, and they reported orders rising in March and April. 

Cybercriminals are likely to use First American's infrastructure to "island hop" to other financial services players, said Tom Kellerman, senior vice president of cyberstrategy at Contrast Security. He warned of the threat of home equity fraud, where a criminal could establish a line of credit against someone else's home. 

"Inevitably the owner of the home is the one that's penalized by the system for not paying their debt," he said. "And that is increasing. That is my biggest concern regarding this breach."