Top 10 U.S. mortgage lender Fairway Independent Mortgage Corp. sustained a cyber attack in early December due to vulnerabilities in a vendor system, the company told the Massachusetts Office of Consumer Affairs and Business Regulation.
On Dec. 4, the company’s information security team “received notification that an unauthorized user had successfully accessed a third-party system utilized by Fairway,” Bryan Ramsey, vice president of information security incident response at Fairway, wrote in a letter sent on Feb. 2 to individuals affected by the incident in Massachusetts.
“Fairway promptly implemented the patch after it was released by the developer to rectify the newly identified vulnerability,” Ramsey wrote. “Although the engagement of a third-party security firm was initiated for the expeditious analysis of the data to identify impacted customers, it took an extended duration for the firm to uncover the relevant information.”
Ramsey added, “Nonetheless, this proactive measure ensures a thorough assessment and allows us to promptly identify and notify affected customers.”
Fairway did not disclose who the third party was. The letter was disclosed on Feb. 23.
Steve Jacobson, CEO at Fairway, wrote in an emailed response to HousingWire, “Respecting the process, we have no comment right now.”
Hackers had access to names, Social Security numbers, dates of birth, current addresses, bank account information, and credit card account numbers.
In Massachusetts, the data breach affected 430 customers, but there’s no indication of the total number of individuals affected nationwide. The lender is offering free identity theft protection and credit file monitoring to individuals affected.
Fairway is among the vast list of mortgage companies affected by cyberattacks recently, including Mr. Cooper Group, First American and Fidelity National Financial Inc., the parent of servicer LoanCare.
In its most recent update on an incident that occurred Jan. 4, loanDepot said that 16.9 million individuals had sensitive personal information impacted. The company will have up to $17 million in additional expenses related to the incident in the first quarter of 2024.
Mortgage executives recently told HousingWire that these attacks have put the industry in “alert mode.” They don’t have a clear answer for why the mortgage sector, mainly servicers, has sustained so many attacks of late. Still, they acknowledge that they keep a vast amount of customer data and some players may be vulnerable amid a shrinking market.