Nations Direct Mortgage says breach hit 83,000 customers

A cyberattack in December compromised the sensitive data of 83,108 customers of Nations Direct Mortgage, the lender disclosed March 14.

The Henderson, Nevada-based wholesale company revealed few details of the hack to its customers in notices shared with the Office of the Maine Attorney General. The one-day incident on December 30, 2023 came amid a spate of data breaches at lenders at the end of last year. 

An attorney who filed the Maine notice didn't respond to a request for comment Friday, while the company shared the consumer update on its website. 

Nations Direct said it immediately contacted third party experts and notified law enforcement. A subsequent probe found that an unauthorized third party "potentially removed" information which may have included names, addresses, Social Security numbers and customers' unique loan numbers. The letter doesn't speak further about the culprit nor form of attack. 

The lender is offering free identity monitoring services provided by Kroll for 24 months. The offer includes a $1 million identity fraud loss reimbursement. The company said it has no knowledge of fraudulent use of its customers' information. 

Through last November, Nations Direct originated $1.4 billion in mortgage volume in 2023, according to data from S&P Global. The firm, which counts 221 associated members on LinkedIn, offers non-qualified mortgage products among conventional and government-sponsored home loans. 

The attack on Nations Direct follows incident disclosures by Fairway Independent Mortgage Corp., Loandepot and Planet Home Lending for hacks occurring between last November and December. While Fairway didn't reveal the extent of its hack, Planet Home Lending said nearly 200,000 clients were affected, while Loandepot said nearly 17 million of its customers were involved in its incident. 

Those firms, like many others following an incident disclosure, are also facing class action complaints from affected customers who claim the companies failed to protect their data. Such lawsuits can take years to resolve; lawsuits over major breaches at Bayview Asset Management and Flagstar Bank in 2021 are still ongoing. 

For reprint and licensing requests for this article, click here.
Cyber security Data breaches Fraud Industry News Cyber attacks
MORE FROM NATIONAL MORTGAGE NEWS