Data security

The companies are the latest mortgage businesses to face class action complaints from consumers impacted by the cyberattacks.

Cybersecurity expenses and threats

A data breach in 2022 costs companies $4.35 million on average, an all-time high according to IBM research.

To meet the growing demand, banks are faced with a choice of hiring, reskilling or outsourcing.

A class action said the company, which has suffered two breaches in the past year, also was responsible for a larger breach and “downplayed” the situation when it notified consumers.

Borrowers condemned the company's disclosures, which came six months after the incident and omitted details about the hack and subsequent investigation.

The federal class action lawsuit is at least the third similar action within the industry over a cyberattack revelation.

The newly revealed victims were affected by the previously disclosed cyberattack, which went undetected for 41 days between September and December.

The data breach, which occurred over a two-day period last December, is the largest disclosure by a mortgage lender this year.

In response to a raft of recent data breaches, mortgage lenders are implementing a number of measures to protect their clients and themselves.

The incident at the mortgage fintech occurred late last year as a spate of attacks rocked other housing lenders.

Pingora Loan Servicing still hasn’t disclosed the full scope of last fall’s hack impacting at least 169,000 customers across four states.

Several federal agencies have recently stepped up requirements on banks to notify regulators and the public when they fall victim to cybersecurity incidents.

Increased cybersecurity spending puts an extraordinary squeeze on smaller firms that struggle to maintain revenues amid the origination slowdown.

Cybercriminals can leverage the workflow of the digital firms against them by tossing a plethora of stolen credentials at an online loan application until they secure approvals, according to one expert.

With large banks establishing strong security infrastructure, cybercriminals are eyeing smaller and mid sized companies as their next victims.

Although no attacks have been tied to the country so far, professionals say the industry already beset by heightened fraud risk is a ripe target.

An incident at American Financial Resources compromised the information of 216,645 borrowers, the company acknowledged.

The bill, part of the omnibus spending package, would force banks and other critical infrastructure providers to tell the government right away when they’ve been breached.

The legislation by Sens. Rob Portman and Gary Peters has bankers worried about burdensome reporting requirements.