Steps mortgage lenders should take to protect their data

Img

A series of data breaches hit the financial services sector at the end of 2023 and into the new year, highlighting how vulnerable the mortgage industry can be to attacks from bad actors. 

Millions of borrowers have had their personal identifiable information exposed, with Social Security numbers and bank account information shared to the dark web. These incidents have put mortgage stakeholders on alert regarding how they can protect their infrastructure going forward. 

Companies recently impacted include: Loandepot, Mr. Cooper, Academy Mortgage, Fairway Independent Mortgage, Planet Home Lending, Fidelity National Financial and First American Financial Corporation

Attacks have been carried out using third-party vendor vulnerabilities and other means, such as directly attacking companies through phishing, with spoofing emails. Bad actors have become more sophisticated, using generative artificial intelligence to mimic communications, making it harder to spot fakes, cyber security experts say.

RELATED: What happens in a cyber attack? Experts discuss incident response

These incidents not only hurt mortgage companies reputationally, but also financially. Loandepot and Mr. Cooper, both public companies, revealed the aftermath of being attacked amounted to millions in expenses, filings with the Securities and Exchange Commission show.

According to Ike Suri, CEO of FundingShield, there truly is a rise in cyber crime that has impacted the mortgage industry – it's not just conjecture. Some of it stems from lenders beefing up vendor reliance during the recent mortgage boom, in a push to speed up originations.

"Lenders and large institutions have always counted [attacks] as the cost of doing business and have wiped it under the rug," Suri said. "There was a spike [during the pandemic] and there continues to be a spike."

It is inevitable these attacks will continue, and as nefarious players get better at finding weak points in technology, there are steps mortgage companies should consider taking to protect their data and infrastructure going forward.