{"id":3741,"date":"2024-02-09T10:46:49","date_gmt":"2024-02-09T15:46:49","guid":{"rendered":"https:\/\/www.deeds.com\/articles\/?p=3741"},"modified":"2024-04-25T23:16:59","modified_gmt":"2024-04-26T03:16:59","slug":"the-hacks-keep-coming-private-customer-data-exposed-at-four-major-mortgage-companies","status":"publish","type":"post","link":"https:\/\/www.deeds.com\/articles\/the-hacks-keep-coming-private-customer-data-exposed-at-four-major-mortgage-companies\/","title":{"rendered":"The Hacks Keep Coming: Private Customer Data Exposed at Four Major Mortgage Companies"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Remember that Halloween cyberattack<\/a> on Mr. Cooper? Hackers got customers\u2019 names and birth dates, Social Security numbers, addresses and phone numbers. They even got access to people\u2019s banking details.<\/p>\n\n\n\n

Some customers \u2014 new and longtime \u2014 tried to log in and could not access their accounts. They could not make payments. Even worse, the breach derailed some home buyers\u2019 closing days.<\/p>\n\n\n\n

Some people just recently received letters about the breach, and realized that the Mr. Cooper Group must have touched their mortgages at some point. Some of the exposed customer information came from households financed or serviced by Nationstar Mortgage \u2014 Mr. Cooper\u2019s previous name. Their past information was still stored in the system. According toTechCrunch<\/em><\/a>, nearly 14.7 million people had their data stolen.<\/p>\n\n\n\n

But there\u2019s more. Mr. Cooper wasn\u2019t the only mortgage firm dealing with security breaches.<\/p>\n\n\n\n

A spate of recent cyberattacks hit three more big mortgage and title companies<\/a>: National Financial (FNF\u00ae), First American Financial<\/a>, and loanDepot\u00ae. All in the past four months. The fallout is ongoing.<\/p>\n\n\n\n\n\n\n\n

Is Cyberattacking Now a Software Industry?<\/h2>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Cyberattacks are becoming more frequent \u2014 and they\u2019re being packaged.<\/p>\n\n\n\n

Ransomware as a Service (RaaS) providers \u201clicense their software to other malicious parties, typically in exchange for a portion of the ransom proceeds,\u201d according to the cybersecurity company SentinelOne<\/a>.<\/p>\n\n\n\n

Financial businesses, much like government agencies, dread having to go offline. So they might be pressed into coughing up ransoms. With ransomware, bad actors don\u2019t have to be very sophisticated to do a lot of damage.  <\/p>\n\n\n\n

In addition to the ransom demands, there are the Distributed Denial of Service (DDoS) attacks. These can affect emails, websites, and financial accounts.<\/p>\n\n\n\n

Multiple computers swarm one target. This is how the DDoS works. It shuts down valid visitors\u2019 access to websites and systems by flooding the network with activity.<\/p>\n\n\n\n

Software, and even \u201cattack-for-hire\u201d services, can help fraudsters carry out DDoS.<\/p>\n\n\n\n

Could digital fingerprints and <\/strong><\/em>blockchain technology<\/em><\/strong><\/a> be society\u2019s best bets against ransomware?\u00a0<\/strong><\/em><\/pre>\n\n\n\n
Costs to the Company: The Worst Is Reputational<\/h2>\n\n\n\n
After being attacked, a company could easily spend millions of dollars on temporary remedies to comfort the people affected. Things like identity protection services for current and past customers.<\/p>\n\n\n\n
On top of that, a hacked company can face civil suits<\/a>.<\/p>\n\n\n\n
No company wants its shares to fall on account of negative news and social media. No company wants to be stuck in court. So companies pay ransoms to shake off the nightmares and get back to business. The average ransom paid out to hackers stands at $1.6 million, according to Sentinel One.<\/p>\n\n\n\n
The government takes these things seriously. This could mean more potential costs. Companies may find themselves paying fines for not following rules. There are official penalties for leaving customers\u2019 information vulnerable, if a company falls short of industry requirements.<\/p>\n\n\n\n
Normal business operations are suddenly placed on hold as personnel focus on mitigating losses, restoring the databases, and adopting new security measures. In fact, Mr. Cooper is expected to pay some $25 million in a three-month period for data recovery and credit protection for its customers, the company has stated.  <\/p>\n\n\n\n
Companies are also forced to shell out higher premiums for their cybersecurity and insurance coverage. They may need to employ cybersecurity experts to assess or prevent further damage.<\/p>\n\n\n\n
And when the dust settles, people feel let down. Regaining the trust of customers and the public isn\u2019t easy. Nor is it cheap.<\/p>\n\n\n\n
What We Should Expect Financial Services to Do<\/h2>\n\n\n\n
Once a data breach comes to light, a business needs to inform customers whose personal information was exposed. It needs to monitor the internet for evidence of any further harm. It needs to be upfront about the incident and the scope of what was compromised. It needs to offer guidance about how the people affected can act to protect themselves.<\/p>\n\n\n\n
We should expect our lenders and loan servicers to:<\/p>\n\n\n\n