Data breaches

Keeping vendor arrangements under wraps, "pen-tests" and a few simple email setting changes can make a world of difference in avoiding future attacks, experts say.

Malicious actors could be utilizing the same software that cybersecurity experts use to test a company's systems for vulnerabilities.

An unnamed hacker in December "potentially removed" sensitive consumer data including Social Security numbers from the wholesale lender.

The attack is one of three major incidents the lender has suffered in the past three years.

The root cause of the hack affecting over 5 million customers was an employee clicking on a link in a work-related search result, according to public case documents.

The New York-based firm said a hack last August compromised the personal identifiable information of 10,835 customers.

The ransomware attack compromised the personally identifiable information of over 199,000 mortgage customers.

The lender didn't reveal whether the incident was related to a purported ransomware gang attack last March.

The company's latest filing provided a brief timeline of the incident that was uncovered on Dec. 20.

The title company was also attacked in 2019 and joins Fidelity National and Mr. Cooper among recent victims.

To make amends to former and current borrowers, Mr. Cooper is footing the bill for two years of complimentary identity protection services.

While ransomware group Alphv/Blackcat claims to have orchestrated the incident, title insurance company Fidelity National Financial has not yet stated whether confidential data was compromised.

The bank suffered its third breach in three years, this time by virtue of a vulnerability in Progress Software's file-transfer system. But Flagstar is only one of many such victims.

The customers were affected by an incident involving a Progress Software program used by Sovos Compliance.

The incident occurred in November 2020 when an unauthorized party gained access to company systems and deployed ransomware, resulting in compromise of employees' personal information.

The case involved incidents occurring in early 2021, when an unauthorized individual obtained access to files containing personal identifiable information of consumers.

HomeTrust Mortgage disclosed customers' names, addresses and Social Security numbers may have been compromised in the incident.

Tech executives say that improperly incorporating new software with existing systems can result in breaches and leaked personal identifiable information.

A class action said the company, which has suffered two breaches in the past year, also was responsible for a larger breach and “downplayed” the situation when it notified consumers.

With the Colonial Pipeline attack still in the news, bank CEOs testifying at a recent hearing cited cyber risk as the biggest threat facing the industry. But members of Congress did not share those concerns, and instead were more focused on criticizing banks about overdraft fees and their level of investment in minority communities.