Data security

Keeping vendor arrangements under wraps, "pen-tests" and a few simple email setting changes can make a world of difference in avoiding future attacks, experts say.

Malicious actors could be utilizing the same software that cybersecurity experts use to test a company's systems for vulnerabilities.

An unnamed hacker in December "potentially removed" sensitive consumer data including Social Security numbers from the wholesale lender.

The attack is one of three major incidents the lender has suffered in the past three years.

The government mortgage-backed securities guarantor needs data breaches reported within a certain period of time and has specific instructions for subservicers.

The root cause of the hack affecting over 5 million customers was an employee clicking on a link in a work-related search result, according to public case documents.

The mortgage lender said the hack was caused by a third-party's vulnerability.

The lender had previously revealed that personally identifying information from 16.6M customers had leaked, but hadn't offered these details.

The notorious group also allegedly targeted Academy Mortgage and Fidelity National.

Litigation in the mortgage industry sees lenders and servicers featuring as both plaintiffs and defendants.