Malware, phishing and a massive
The companies in public notices revealed hacks affecting as few as around 1,200 customers and as many as about 7,500 clients. The firms said there was no evidence PII, including loan documentation and Social Security numbers, had been misused.
Outside of the individual attacks, Planet Home Lending said it also suffered collateral damage from a ransomware gang's vendor software breach in June which feds say affected over a thousand companies, including banks and non-bank lenders. Hackers in that attack found a previously undiscovered vulnerability in a file transfer software.
The recent spate of hacks pale in comparison to mortgage breaches in recent years impacting
The activity coincided with rising
Planet Home Lending and Mutual of Omaha Mortgage, another affected lender, declined to comment, while none of the other impacted companies responded to requests for comment.
Each firm provided its affected customers with 12 to 24 months of complimentary credit monitoring and identity theft restoration services from either Experian or IDX, according to notices with the Office of the Maine Attorney General.
Home builder Lennar Corp. had the largest publicly disclosed breach among industry firms this summer, with the SSNs of 7.448 consumers exposed in a July hack. The company discovered the unauthorized activity within its system July 20, the same day it began, and notified law enforcement and cyber security experts. Lennar notified its consumers of the unspecified type of hack last week.
Scottsdale, Arizona-based V.I.P. Mortgage was the victim of a malware attack last December, according to its September notice. The unnamed hacker may have accessed SSNs for some of the 5,415 clients the lender notified. VIP completed its investigation into the hack in August.
Insurer Mutual of Omaha meanwhile told 1,193 of its mortgage consumers last month their PII and loan numbers were involved in a phishing attack. The email incident, according to a Maine notice, lasted four days in early June.
"Upon discovery, Mutual Mortgage took immediate action to change the employees' Microsoft account passwords to prevent further access to the Microsoft accounts, as well as blocked the identified phishing addresses to prevent further occurrences," wrote Terry Connealy, president of Mutual of Omaha Mortgage, in a notice to customers.
Planet Home Lending was caught in the same zero-day attack that already
"We have also installed all patches released by Progress Software, and implemented additional technical safeguards to help prevent similar incidents in the future," read the Aug. 31 notice by Planet.
Flagstar Bank, the victim of