Property records are public. Your deed, your mortgage, your lien and tax history, all of it sits in county records that anyone can inspect. That has always been true, and companies have always aggregated and sold access to it. So on its surface, the class action filed against First American Financial this week looks unwinnable: how do you sue someone for selling information that was public to begin with?
The answer is the whole point of the case, and it is why this lawsuit matters beyond one company. The homeowners are not really arguing that public records should be secret. They are arguing that First American did something legally distinct from republishing public data, and the distinction they are drawing could, if a court accepts it, unsettle the business model of an entire industry.
What the suit actually claims
The target is a First American product called DataTree, which the company describes as a nationwide property-intelligence platform. Filed in California federal court, the suit says DataTree lets users pull homeowners' information, including mortgage data, lien and tax data, and foreclosure status, through both free and paid tiers, and that it also exposes homeowners' telephone numbers and email addresses through affiliated sources. The platform runs on a subscription and credit model with a free seven-day trial.
The homeowners, who attached redacted screenshots of their own DataTree property profiles to the complaint, are not suing under a data-breach theory. They are invoking right of publicity laws in Alabama, California, Illinois, and Nevada, and seeking to certify classes of people identified in DataTree in the one-to-four years before filing.
The sentence that is the entire case
Strip away the procedure and the case turns on one line from the complaint, and it is worth understanding precisely because everything rides on it. First American, the suit says, used plaintiffs' names and identity attributes in a commercial sales funnel, not merely as a passive, noncommercial republication of public information.
That distinction, "commercial sales funnel" versus "passive republication," is the hinge the whole lawsuit swings on, and it is a genuinely clever piece of legal framing. Here is why it matters.
Right-of-publicity law protects a person's name and identity from being used, without permission, to sell something. It is the law that stops a company from slapping your face on an ad. It has generally not been understood to stop anyone from listing your name in a public-records database, because that is treated as neutral republication of facts, not commercial exploitation of your identity.
The plaintiffs are trying to move property-data aggregation from the first category into the second. Their theory is that when First American uses a specific homeowner's name and details as the bait in a free trial designed to convert lookers into paying subscribers, the name is no longer just a fact being republished. It has become the product being marketed, deployed to sell subscriptions. The free tier that shows you a teaser of a named person's property profile, then asks you to pay for more, is, in this framing, using that person's identity as a commercial lure. That, the plaintiffs argue, is exactly what right-of-publicity law forbids.
Whether courts accept that recharacterization is the entire ballgame, and it is far from certain they will. But if the theory works, it would reclassify a routine industry practice, the freemium property-data lookup, as a right-of-publicity violation. That is not a narrow claim about one platform. It is a claim that the standard way property-data companies attract customers is unlawful.
Why this is not one lawsuit but a pattern
The First American case does not stand alone, and seeing the pattern is what tells you where this is heading. Consumers have been increasingly suing mortgage and real estate players over how they handle personal information, well beyond data-breach complaints. In just the past year, both Rocket Companies and United Wholesale Mortgage were hit with similar complaints over their technology platforms and data practices.
Read together, these suits represent a coordinated legal probe of a specific vulnerability: the gap between "this information is public" and "you may commercialize this person's identity." For two decades, property-data and lead-generation businesses have operated on the assumption that public-record status gave them a free hand. This wave of litigation is testing whether right-of-publicity law, and various state consumer-protection statutes, impose limits that the industry has been ignoring. The plaintiffs' bar has evidently identified the freemium, identity-as-lure model as a soft target, and it is hitting multiple defendants with variations of the same argument to see which framing sticks. First American is one front in that larger campaign.
The irony First American brings to this fight
There is context that makes First American a particularly awkward defendant here, and it is worth stating. This is the same company that, in 2019, suffered one of the largest data exposures in the industry's history, a website vulnerability that left roughly 800 million records accessible without any password, including bank account numbers, Social Security numbers, mortgage and tax records, and images of driver's licenses. The New York Department of Financial Services later pursued the company over its failure to safeguard sensitive customer information.
That history does not bear directly on the legal merits of the DataTree claim, which is a different kind of case. But it frames the reputational stakes. A company already synonymous with mishandling homeowner data is now being accused of monetizing that same category of data without consent. The 2019 breach was about failing to protect information. This suit is about allegedly profiting from it too freely. Together they sketch a picture the plaintiffs will be happy to paint: a data giant that treats homeowners' information as an asset to be exploited, whether by negligence or by design.
What is genuinely at stake
It is worth being precise about what this case could and could not do, because the stakes are easy to overstate in either direction.
It will not make property records private. Deeds, liens, and tax data will remain public, and companies will still be able to aggregate them. What is actually being tested is narrower and more consequential than that: whether the specific act of using named individuals' data as the marketed product in a commercial subscription funnel crosses a legal line that mere republication does not. If the plaintiffs lose, the industry continues as is. If they win, or even survive early motions and force a settlement, property-data companies may have to rethink how they display and market individual profiles, potentially adding consent mechanisms, restricting free-tier previews of named individuals, or changing how identity data feeds their sales pipelines.
For homeowners, the case is a test of whether "it's public record" is a complete defense to any use of their information, or whether there is a line past which even public data cannot be freely commercialized against the person it describes. For the property-data and mortgage-technology industry, it is an early warning that a business model built on the permissiveness of public records is now facing a legal theory designed specifically to constrain it.
The dollar figures in this one case matter far less than which way that theory breaks, because the answer will apply to everyone who does what First American does.