WEI Mortgage discovered a data breach from an email phishing scam last fall that may have exposed loan package information and identifying data such as Social Security numbers.
"With the assistance of third-party forensic investigators, WEI Mortgage learned it was the victim of an email phishing attack, resulting in unauthorized access to certain employee email accounts," according to a WEI press release.
The breach, which occurred between Sept. 13 and Sept. 28, 2017, may have resulted in unauthorized access to personal information.
"While the investigation found no evidence of actual or attempted misuse of personal information, the investigation revealed some personal information was present in the impacted email account as the time of the incident," according to the press release.
The breach also may have exposed: loan package information, Social Security numbers, dates of birth, health insurance information, addresses, driver's license or state identification numbers, passport numbers, tax ID numbers, bank or credit card information, names, usernames and passwords.
In response, WEI notified law enforcement and confirmed the security of its systems. They are also recommending their clients file fraud alerts with the credit bureaus.
Affected individuals also receive free credit monitoring and identity restoration services through a third party, if desired.
In addition, the Mount Laurel, N.J.-based mortgage banker is educating its employees about phishing schemes.
Teaching employees to detect fake emails and doing things like avoiding clicking links from unknown email senders can help make cybersecurity efforts more effective.
Phishing and wire fraud have been a "common theme" in recent cybersecurity incidents, according to John-Thomas Gaietto, executive director of technology services at mortgage industry consultancy Richey May.