Hackers recently gained access to the personal data of about 54,000 mortgage borrowers on loans originating from Wells Fargo, Citigroup, Capital One, HSBC, and other lenders. While the loans were being acquired by an investment firm, documents with borrowers’ information were apparently exposed online with no password or other protections. Security experts are unsure how much personal data hackers were able to access, and many of the victims may not know they were affected. The banks say they have had no direct involvement in the data breach because they don’t own or service the mortgages but are working to identify which customers were affected.
Hackers could use borrowers’ personal information to establish new credit card accounts or apply for new mortgages, experts warn. Rick Hill, vice president of industry technology for the Mortgage Bankers Association, told The Washington Post that new “uniform federal standards” are needed to better protect consumer data. Hill says borrower information on mortgage applications often don’t remain with the originating lender and can be exposed by other entities.
“Banks have strict data security protocols in place to protect their own data well,” says Paul Brenda, senior vice president for risk and cybersecurity at the American Bankers Association. These practices should also apply to companies that acquire mortgages originated by banks and resold in the secondary market, he adds.
For those who may be a victim of a data breach, security experts advise taking advantage of free credit-monitoring services and freezing or locking credit reports.
Source: “Large Breach of Mortgage Borrowers’ Data Raises New Concerns, Questions,” The Washington Post (Feb. 6, 2019)