Cybersecurity incidents have become increasingly common in the mortgage industry, with multiple lenders and servicers experiencing data breaches that compromised sensitive customer information. Carrington Mortgage Services is the latest player to be impacted, as a ransomware attack at its vendor Alvaria compromised the information of its customers, including partial Social Security numbers.
In this blog post, we'll take a closer look at the details of this breach, as well as other recent cybersecurity incidents in the mortgage industry.
Last week, Carrington Mortgage Services announced that a technology company it uses, Alvaria, experienced a ransomware attack in March. As a result, the personal information of some of Carrington's customers, including partial Social Security numbers, was compromised.
Although neither Carrington nor Alvaria disclosed the total number of affected clients, a letter to state attorneys general indicated that at least 4,167 residents of Massachusetts were impacted. This is the most recent hack of a mortgage player, following a series of incidents across the industry last year.
Alvaria responded to the attack by restoring its operations through backups and securing its networks. According to the Iowa letter, “the unauthorized actor obtained some data associated with the company maintained in the technical system log and temp files.” “While Alvaria performed its forensic investigation, the company completed its analysis of the affected data on April 4, 2023.”
According to Carrington Mortgage Services, the data compromised in the breach at Alvaria includes clients' names, mailing addresses, telephone numbers, loan numbers and balances, and the last four digits of their Social Security numbers.
However, when asked about Alvaria's reported data breach, Carrington's attorney declined to comment, while Alvaria's general counsel deferred to a company spokesperson. Alvaria did notify the FBI and took additional security measures following the breach, although the details of these measures were not disclosed.
In an effort to mitigate the effects of the breach, Carrington is offering customers 24 months of free credit monitoring and fraud consultation from Experian. In a letter to the Iowa Attorney General, Carrington defended its information security diligence and stated that it had received positive reviews from state and federal regulators, rating agencies, and banking counterparts.
The letter signed by the attorney for Carrington said: “Nevertheless, in light of this event, the company has begun an additional assessment of Alvaria's technical security measures to ensure that Alvaria has been providing and will continue to provide the security measures promised to the company and to help ensure this type of incident does not happen again.”
Carrington Mortgage Services has been actively involved in the mortgage servicing rights (MSR) market and purchased $62.3 billion in 2020, making it one of the top 25 servicers in the country. In total, it holds $122.1 billion in MSRs from 682,000 borrowers. This incident is the second data breach at Alvaria within four months, with the previous attack being disclosed in February and impacting 4,695 customers.
The Hive ransomware group was responsible for this attack, and in November, the group released corporate records on the dark web, though no customer data was included. It's unclear whether the November breach affected mortgage customer data. In 2021 alone, various mortgage lenders disclosed cybersecurity incidents that impacted 191,000 customers.
These attacks have ranged in severity, from incidents affecting as few as 600 customers to a third-party breach that impacted 139,493 customers of Hatch Bank in California. Several class action complaints against impacted companies remain pending in federal courts, including those against servicers such as Key Bank, Lower, and Overby-Seawell Company.