Cyber fraudsters find vulnerable lenders in new attacks

Mortgage companies find themselves in the crosshairs of cyber criminals once again, as evidenced by a recent notice of compromised personal information sent to customers of a West Coast lender. 

The company previously known as Pacific Residential Mortgage last week notified customers of a ransomware attack, which it became aware of earlier this year.

"On February 10, 2025, PacRes detected that a ransomware lockdown of some of our systems was carried out by cyber criminals," the notice stated. "We quickly recovered the affected systems from backups and started our investigation of the incident."

Among personal identifiable information at risk of falling into perpetrators' hands were Social Security numbers, driver's license data and financial account details, the lender determined.

PacRes did not disclose in any of its notices the number of individuals whose data was included in the attack. The letter also did not mention if the company paid in response to the ransomware demand. 

The company discovered the incident just weeks after completing its merger with Go Mortgage. PacRes, previously headquartered in Beaverton, Oregon, offered loans primarily in the Western U.S., with branches in several states. Origination volume in 2023 totaled $615 million, according to Home Mortgage Disclosure Act data.  

Columbas, Ohio-based Go Mortgage, which originated a similar $619 million in 2023, had not responded to a request for further details prior to publication. To assist customers, the company said it would provide credit monitoring service to impacted parties for one year, with services provided by technology security firm Cyberscout. 

The PacRes incident is the latest ransomware event to impact mortgage lenders in the past several years, with similar setbacks striking Mr. Cooper and Loandepot in late 2023 and early 2024. Ransomware group Alphv claimed responsibility for infiltrating Loandepot's systems, while a lawsuit filed late last year alleged Mr. Cooper paid off the same organization.

In 2021, a ransomware attack on Flagstar Bank resulted in the payment of $1 million in bitcoin to the cyber criminals, a development which only came to light last year.  

A separate incident at a California credit union in 2024 also resulted in PII data of over 1 million individuals possibly revealed.  

While still a scourge on businesses, cyber attacks in the mortgage industry made fewer headlines last year following a steady spate of such occurrences in 2023, which involved lenders, servicers and title insurers.

In an ominous start to 2025, though, PacRes' announcement arrived just days after Western Alliance Bank, a provider of warehouse lending to mortgage companies, said an October data breach, which went unnoticed for months at its site, affected 22,000 people. As in several prior cases, the bank blamed a flaw in third-party vendor software for allowing the breach to occur.

In an update to another 2024 case, Irvine, California-based Vista Point Mortgage sent additional letters to affected individuals in late March after identifying more victims of a cyberattack on its systems last spring. The number affected now exceeds 15,500 people, the Office of the Maine Attorney General said. Over 400 letters went to Texas residents, according to that state's officials.