Two mortgage lenders had their systems compromised by cyber attacks, documents filed with the state of Maine show.
Rockport Mortgage Corporation and Vista Point Mortgage both had their systems infiltrated by hackers in recent months. All-in-all, over 14,000 customers likely had their personal identifiable information exposed.
Vista Point said 13,391 of its customers were impacted by the hack in its notice to Maine’s Office of the Attorney General. According to the company, it noticed suspicious activity on two of its employees’ email accounts between May 21 and June 5.
After completing a review of the suspicious activity on Sept. 27, the California-based company “determined that certain sensitive information located within the emails and attachments could have been subject to unauthorized access.” This includes names and Social Security numbers of customers.
Meanwhile, Rockport disclosed that over 1,000 of its customers may have had their data leaked due to unauthorized access to its systems in mid-October.
The nonbank’s investigation into the matter concluded that the hackers may have bagged customers’ “name, Social Security numbers, date of birth and any financial account information” shared with the company.
The two small-sized companies are offering to cover credit monitoring and identity protection services for those affected. Vista Point is sponsoring seven loan officers; meanwhile, Rockport seems not to be sponsoring any, according to the Nationwide Multistate Licensing System.
Vista Point and Rockport did not immediately respond to a request for comment Wednesday.
The mortgage industry has been an attractive target to cyber criminals due to the value of transactions taking place and their long lists of clients — any of whom could be compromised.
Most recently, AnnieMac revealed it notified over 170,00 consumers of a data breach it experienced in August.
An unknown actor gained access to the lender’s systems and viewed or copied sensitive customer data from Aug. 21 to 23, according to a notice with the Maine attorney general. In letters to potentially affected customers, the company said names and Social Security numbers may have been compromised.
Mr. Cooper, Loandepot, Fairway Independent Mortgage Corp. Planet Home Lending and many more have also recently been targeted by cyber criminals.
The incidents caused home finance regulators, such as the Federal Housing Administration and Ginnie Mae, to tighten data breach requirements for nonbanks.
There has also been an outpour of litigation filed by impacted customers, some of which have recently settled. Those payouts vary greatly, depending on the breach: Sage Home Loans recently agreed to a $925,000 settlement, while Loandepot said it has incurred losses well into eight figures to address the fallout of its massive cyberattack last winter.
