Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Customer Information. Show all posts
Identity Theft
Customer Information cyber attack Data Breach Data Leak data security Experian Identity Theft

Wells Fargo Data Breach: Safeguarding Customer Information in a Digital Age

 

In a digital age where data breaches have become all too common, the recent disclosure of a data breach at Wells Fargo, a prominent multinational financial services corporation, has once again brought cybersecurity concerns to the forefront. The breach, impacting the personal information of two clients, underscores the challenges faced by financial institutions in safeguarding sensitive data and maintaining customer trust. 

The breach exposed clients' names and mortgage account numbers, raising significant concerns about the security of personal information within the financial services sector. According to Wells Fargo, the breach was not the result of a cyberattack but rather an employee breaching company policy by transferring information to a personal account. While the exact timeline and duration of unauthorized access remain unclear, Wells Fargo has taken swift action to address the situation and mitigate risks to affected individuals. 

In response to the breach, Wells Fargo has prioritized the welfare of its customers and has taken proactive steps to assist those impacted. The company has offered complimentary two-year subscriptions to Experian IdentityWorks5M, a comprehensive identity theft detection service. This includes daily monitoring of credit reports, internet surveillance to monitor identity-related activity, and full-service identity restoration in the event of theft. Affected individuals are encouraged to activate their subscriptions within 60 days from the date printed on the notification letter, either online or by phone. The team is available via phone during specified hours and offers language assistance services for non-English speakers, as well as support for individuals with hearing or speech difficulties. 

While the specifics of the data breach are still under investigation, Wells Fargo remains committed to enhancing security measures and preventing similar incidents in the future. The breach serves as a stark reminder of the evolving nature of cyber threats and the importance of remaining vigilant in protecting sensitive information. This incident also highlights a recurring issue within the banking industry, as Wells Fargo is not the only financial institution to experience a data breach in recent months. 

In February 2024, Bank of America, another one of the Big Four Banks in North America, announced a data breach affecting its customers. The Bank of America data breach was attributed to a cyberattack targeting one of its service providers, Infosys McCamish Systems. 

As investigations into the breach continue, Wells Fargo reassures its customers of its unwavering commitment to security and vows to implement additional measures to safeguard customer information. Despite the challenges posed by cyber threats, Wells Fargo remains dedicated to maintaining customer trust and protecting sensitive data in an increasingly interconnected world.
Read more »
Mortgage Industry
Alvaria Customer Information Cyber Security Data Breaches Mortgage Industry

Inside the Carrington Mortgage Services Ransomware Attack: Compromised Data and Cybersecurity Measures

cybersecurity incidents in the mortgage industry

The Carrington Mortgage Services Ransomware Attack

Cybersecurity incidents have become increasingly common in the mortgage industry, with multiple lenders and servicers experiencing data breaches that compromised sensitive customer information. Carrington Mortgage Services is the latest player to be impacted, as a ransomware attack at its vendor Alvaria compromised the information of its customers, including partial Social Security numbers. 

In this blog post, we'll take a closer look at the details of this breach, as well as other recent cybersecurity incidents in the mortgage industry.

Details of the Data Compromised in the Attack

Last week, Carrington Mortgage Services announced that a technology company it uses, Alvaria, experienced a ransomware attack in March. As a result, the personal information of some of Carrington's customers, including partial Social Security numbers, was compromised. 

 Although neither Carrington nor Alvaria disclosed the total number of affected clients, a letter to state attorneys general indicated that at least 4,167 residents of Massachusetts were impacted. This is the most recent hack of a mortgage player, following a series of incidents across the industry last year. 

Alvaria's Response to the Breach

Alvaria responded to the attack by restoring its operations through backups and securing its networks. According to the Lowa letter, “the unauthorized actor obtained some data associated with the company maintained in the technical system log and temp files.” “While Alvaria performed its forensic investigation, the company completed its analysis of the affected data on April 4, 2023 

According to Carrington Mortgage Services, compromised data due to the breach at Alvaria includes clients' names, mailing addresses, telephone numbers, loan numbers and balances, and the last four digits of their Social Security numbers. 

However, when asked about Alvaria's reported data breach, Carrington's attorney declined to comment, while Alvaria's general counsel deferred to a company spokesperson. Alvaria did notify the FBI and took additional security measures following the breach, although the details of these measures were not disclosed. 

Impact of Data Breaches on Mortgage Lenders and Servicers

In an effort to mitigate the effects of the breach, Carrington is offering customers 24 months of free credit monitoring and fraud consultation from Experian. In a letter to the Iowa Attorney General, Carrington defended its information security diligence and stated that it had received positive reviews from state and federal regulators, rating agencies, and banking counterparts. 

The letter signed by the attorney for Carrington said: “Nevertheless, in light of this event, the company has begun an additional assessment of Alvaria's technical security measures to ensure that Alvaria has been providing and will continue to provide the security measures promised to the company and to help ensure this type of incident does not happen again.” 

Carrington Mortgage Services has been actively involved in the mortgage servicing rights market and purchased $62.3 billion in 2020, making it one of the top 25 services in the country. In total, it holds $122.1 billion in MSRs from 682,000 borrowers. This incident is the second data breach at Alvaria within four months, with the previous attack being disclosed in February and impacting 4,695 customers. 

Other Cybersecurity Incidents in the Mortgage Industry

The Hive Ransomware group was responsible for this attack, and in November, the group released corporate records on the dark web, though no customer data was included. It's unclear whether the November breach affected mortgage customer data. In 2021 alone, various mortgage lenders have disclosed cybersecurity incidents that impacted 191,000 customers. 

These attacks have ranged in severity, from incidents affecting as few as 600 customers to a third-party breach that impacted 139,493 customers of Hatch Bank in California. Several class action complaints against impacted companies remain pending in federal courts, including those against servicers such as Key Bank, Lower, and Overby-Seawell Company.

Read more »
Subscribe to: Posts (Atom)