Mortgage-related businesses need to use a variety of low-cost tools to mitigate their risks, according to a panel of cyber risk leaders.

The hack that occurred in December affected 27,746 mortgage customers, the South Carolina-based lender said.

A new policy directive aims to fortify critical infrastructure by enhancing collaboration between U.S. intelligence agencies and systemically important financial entities.

After gaining access to On Q systems via vendor software, unknown parties were able to obtain and remove client personal information, including Social Security numbers.

The report seeks to help banks "disrupt rapidly evolving AI-driven fraud," according to Treasury's Nellie Liang. The report found banks have difficulties accounting for AI risks.

Some vendors can act as backups when a cyberattack knocks the regular provider's system offline. Others offer vendor management expertise that may help.

Keeping vendor arrangements under wraps, "pen-tests" and a few simple email setting changes can make a world of difference in avoiding future attacks, experts say.

Malicious actors could be utilizing the same software that cybersecurity experts use to test a company's systems for vulnerabilities.

An unnamed hacker in December "potentially removed" sensitive consumer data including Social Security numbers from the wholesale lender.

The attack is one of three major incidents the lender has suffered in the past three years.