Academy Mortgage says hack affected 284,000 customers

Academy Mortgage says it stopped a data breach last March that exposed the personally identifiable information of 284,443 customers.

In a notice to the Office of the Maine Attorney General, the Draper, Utah-based lender did not say whether the incident was related to a ransomware gang's alleged hack last year. Mortgage customer and employee names, dates of birth and Social Security numbers were compromised, although Academy said it had no evidence information was misused. 

"We have wiped and rebuilt affected systems and have taken steps to bolster our network security," the company wrote in a consumer notice mailed Dec. 20. "We are also reviewing and altering our policies, procedures and network security software relating to the security of our systems."

Ransomware-as-a-service group Alphv claimed responsibility in May for holding Academy's corporate data hostage, and it suggested the lender at that point refused to pay a ransom. The gang's threat to Academy included a reference to the lender's $38.5 million settlement in December 2022 over a False Claims Act case.

It's unclear whether Alphv released the data it supposedly captured onto the dark web. International authorities last month seized the ransomware gang's dark-web leak site.

Academy, following the March breach, worked with unidentified third-party forensic specialists to help with its investigation, which wrapped up in late November. The mortgage firm is offering 12 months of complimentary credit monitoring and fraud assistance service through a TransUnion subsidiary, Cyberscout.

The lender, which offers a large suite of residential loans, counts 220 branches nationwide and 846 sponsored mortgage loan originators, according to Nationwide Multistate Licensing System records. Data from S&P Global shows Academy originated $3.8 billion in loan volume in 2023 through September.

Academy's notice follows recent data breach reports from major industry players Fidelity National Financial, First American Financial and Mr. Cooper. Those firms updated counterparties and customers swiftly, following newer Securities and Exchange Commission disclosure rules for publicly traded firms.
