Large breach of mortgage borrowers’ data raises new concerns, questions

  Back to News

A large breach of mortgage data that has exposed the personal financial information of tens of thousands of borrowers raises key consumer questions: What happens to all those disclosures we make after we apply for and obtain a home loan — our tax returns, Social Security numbers, credit card accounts, bank account numbers and detailed summaries of our assets?

Where does it all go after the closing? If your mortgage or servicing rights subsequently are sold and resold to other companies, what happens to all that intimate information? Does it stay securely padlocked away somewhere, far out of the reach of criminals?

You would hope so, but consider this — 54,000 mortgage borrowers recently had their financial data exposed to identity thieves trolling on the Internet. Borrowers had no hint that they were vulnerable, and many may still not know that a breach occurred.

There was no lock on the online files that contained their private data. Stunningly, their information was not protected by even a simple password. It’s not known at this point whether, or how much, personal data was accessed, but the files reportedly were exposed for two weeks or more. Some borrowers could find that criminals already have used their information to establish new credit card accounts, purchase merchandise, even apply for new mortgages — creating havoc for the victims.

First reported by trade publication TechCrunch, the breach involved loans originated by several companies — Wells Fargo; a unit of Citigroup; Capital One; HSBC Life Insurance; and others. The loans were acquired by investment management firm Rocktop Partners, based in Arlington, Tex. Rocktop’s affiliate, Ascension Data & Analytics, hired a New York-based company, OpticsML, which allegedly made a “server configuration error” that led to the exposure of the documents, according to an email sent to me by Sandy Campbell, Ascension’s general counsel.

OpticsML, meanwhile, has gone offline. As of late last week, its phone number had been disconnected, and the contact information listed on its website was nonfunctional. In a statement for this column, a company spokesman explained that, “In an abundance of caution, we have taken down our website and servers while we conclude our investigation of the unauthorized access.”

Campbell told me that Ascension is “in regular contact with law-enforcement investigators” regarding the breach and “is working with vendors” to send notification letters to affected mortgage borrowers. It will also provide “credit monitoring, call-center support and identity-restoration services at no cost.”

The banks whose loan clients might have been injured made it clear in statements that they had no direct involvement in the data breach because they neither own nor service the mortgages.

Nonetheless, a Citibank spokesman said it is “working to identify potentially affected customers” and has “instituted a forensic investigation.” A spokeswoman for Wells Fargo told me, “We have no indication that any Wells systems or service providers were compromised,” and the bank views the “security of our customers’ personal information” as “our priority.”

Industry experts were aghast at the breach. Paul Benda, senior vice president for risk and cybersecurity at the American Bankers Association, said “banks have strict data security protocols in place . . . and protect their [own] data well.” So, too, should companies that acquire mortgages originated by banks and resold in the secondary market. “If you receive this loan data, well gosh darn it you need to protect it,” Benda added.

Rick Hill, vice president of industry technology for the Mortgage Bankers Association, called for new “uniform federal standards” for protecting consumers’ data that would apply in instances like this.

The underlying problem here is that the personal information we all supply to get a home mortgage frequently does not remain with the lender that made the loan.

Mortgages routinely are pooled and sold to investors in a vast secondary market; those investors may resell chunks of their portfolios to other investors. After a couple of transactions, the financial data backing an individual mortgage is far removed from the bank or mortgage company that originated it. As a general rule, mortgage investors take pains to store client financial data on platforms that include significant security protections. But as this new breach illustrates, lapses can occur.

What to do if you find yourself a victim? Pretty much the same things you did when Equifax got hacked: Consider taking advantage of any free credit-monitoring services you are offered, and consider freezing or locking your credit reports.

This content has been reproduced from its original source.

SHARE:

  BACK

How Title Fraud Works

Thieves simply change ownership of your home from YOU to THEM. Then they TAKE OUT LOANS on your home and just disappear - leaving YOU with the payments and a mountain of legal bills.

Click to see if your home's title has been compromised.
Get your FREE TITLE SCAN and COMPREHENSIVE TITLE REPORT (a $100 value FREE with sign up)

RISK FREE SIGNUP

Speak to a live agent
(800) 899-6268

100% Money Back Guarantee Within First 60 Days


Home Title Lock

Property ownership is not just the American dream, it's also the most flexible financial tool to build family prosperity. Home Title Lock ensures that your assets are protected against Title Fraud and Title Thieves.

Find Out More


You Need Home Title Lock to Protect Your Property

Thirty years ago we started creating the largest database of property records in the United States. Today, that database has 6.1 billion property records. We protect your property value and ownership from on-line threats both foreign and domestic.

GET PROTECTED

Risk Free for 60 Days

Speak to a live agent
(800) 899-6268


Watch This Now

RISK FREE SIGNUP

How Easily Title Fraud Occurs

EVERYTHING is stored online in the cloud - including your home's title

1

Domestic and international thieves scour online records for homes with equity. It could be the home you live in, your vacation home, a home of an elderly relative, or rental property you own.


2

Once they change your home's ownership from YOU to THEM, they re-file the Quitclaim Deed for your home with the proper authorities so it appears your home has been legally sold.


3

They take out personal loans through banks and online lenders using all your home's equity. You likely won't know you're a victim until you start receiving late payments or foreclosure notices.

Click to see if your home's title has been compromised.
Get your FREE TITLE SCAN and COMPREHENSIVE TITLE REPORT (a $100 value FREE with sign up)

Risk Free for 60 Days

Speak to a live agent
(800) 899-6268

ACCORDING TO THE FBI:
Title and Mortgage Fraud are the fastest growing white collar crimes in America.

Everything is stored online these days - including your home's title. Domestic and international cyber-thieves target U.S. homeowners equity in their homes. Removing you from your home's title takes just minutes. Then they forge their name on the title document and refile it. Next, they take out loans using your home's equity and stick you with the payments. You likely won't know until you get a late payment or foreclosure notice from several banks.

Get your FREE TITLE SCAN and COMPREHENSIVE TITLE REPORT (a $100 value FREE with sign up)

SIGN-UP NOW RISK-FREE  

Title Fraud is NOT COVERED by

Your Bank

Legal Trust

Homeowners Insurance

Identity Theft Protection

You Need Home Title Lock to Protect Your Property

GET PROTECTED
Sign Up  

Activate Title Lock alerts and secure your property from fraudulent title filings