The mortgage division of D.R. Horton recently fell victim to a cyber security attack, potentially compromising sensitive borrower data, the Fort Worth, Texas-based homebuilder disclosed late Thursday.
Horton, the largest U.S. homebuilder in 2011, described the incident at Austin, Texas-based DHI Mortgage as a “software security breach by unknown external sources in its Internet Loan Prequalification System.”
“Upon identifying the security breach, DHI Mortgage took immediate steps to remedy the breach by isolating the affected server, purging certain affected files and modifying our electronic security measures to address the specific issue,” Horton said in a statement released after markets closed Thursday.
“We are in the process of notifying affected customers that their personal data may have been compromised,” the statement continues. “We regret the inconvenience to our customers, and encourage them to follow the precautionary actions outlined in the email or letter that they receive.”
On Friday afternoon Horton's stock was trading at $14.29, about 1% below its Thursday closing price of $14.47.
The domain name and corresponding Internet protocol address for DHI Mortgage's online application website is registered to DR Horton. The company also manages the site's two domain name system servers, which essentially translate the domain name a user types into a Web browser into the site's corresponding IP address. The secure certificate for the site is also registered to DR Horton.
“If you look at the domain name servers listed for that domain name, a lot of times if they're using a third party, they'll use a third party's DNS servers,” explained Randy Schmidt, president of Mishawaka, Ind.-based Data-Vision, a vendor of Web-based mortgage POS technology who reviewed DHI Mortgage's website for National Mortgage News/Mortgage Technology.
Schmidt noted that while Horton's Web server manages the domain, it is possible that its POS tool is hosted by an outside vendor. “We have several customers that have elected to do that, but most of our customers have us manage the DNS for them,” he said.
“Everything I can see right now looks like it might be something they've done themselves. There's not anything that's pointing me to anybody else,” Schmidt said. “That doesn't mean that it isn't, but there's nothing that's pointing me in that direction.”
