In the past month, a number of mortgage firms have disclosed cyberattacks affecting a combined hundreds of thousands of customers, amid reports of rising industry fraud risk.
Lender American Financial Resources reported a data breach affecting 216,645 borrowers in March, according to a disclosure with the Indiana Attorney General’s Office. The Parsippany, New Jersey-based company identified suspicious activity in December and determined files including information such as social security numbers were accessed without authorization between Dec. 6, 2021 and Dec. 20, 2021.
The firm offered affected customers complimentary one-year Kroll credit monitoring and identity theft protection services. It also implemented additional security measures including a new endpoint detection and response tool, according to public notices.
“AFR has taken steps to enhance its existing cybersecurity measures following the incident and will continue to look for opportunities to implement additional enhancements as part of its ongoing commitment to cybersecurity,” said Bill Packer, AFR executive vice president and chief operations officer, in a statement.
It’s the largest publicly-disclosed mortgage data breach since Lakeview Loan Servicing’s March
In addition to AFR, four lenders and a title company reported in the past two months breaches as far back as 2020, impacting a combined thousands of customers, according to Indiana public records. Cyberattacks impacted as few as 530 customers at one firm and as much as 7,491 at another, according to public notices, which didn’t elaborate on the type of incident.
Also, Maryland-based Certified Title Corporation disclosed last month that 10,624 of its customers were impacted by the
The revelations come after reports of increased fraud, with suspicious activity report filings
The disclosures also come in the wake of President Biden’s signing of the $1.5 trillion omnibus spending bill, which includes new requirements for banks and other institutions to
