Academy Mortgage says hack affected 284,000 customers

Img

Academy Mortgage says it stopped a data breach last March that exposed the personal identifiable information of 284,443 customers. 

In a notice to the Office of the Maine Attorney General, the Draper, Utah-based lender did not say whether the incident was related to a ransomware gang's alleged hack last year. Mortgage customer and employee names, dates of birth and Social Security numbers were compromised, although Academy said it had no evidence information was misused. 

"We have wiped and rebuilt affected systems and have taken steps to bolster our network security," the company wrote in a consumer notice mailed Dec. 20. "We are also reviewing and altering our policies, procedures and network security software relating to the security of our systems."

Ransomware as a service group Alphv claimed responsibility in May for holding Academy's corporate data hostage, and it suggested the lender at that point refused to pay ransom. The gang's threat to Academy included reference to the lender's $38.5 million settlement in December 2022 over a False Claims Act case. 

It's unclear if Alphv released its supposed data captured onto the dark web. International authorities last month seized the ransomware gang's dark-web leak internet site. 

Academy, following the March breach, worked with unidentified third-party forensic specialists to help with its investigation, which wrapped up in late November. The mortgage firm is offering 12 months of complimentary credit monitoring and fraud assistance service through a Transunion subsidiary, Cyberscout.

The lender, which offers a large suite of residential loans, counts 220 branches nationwide and 846 sponsored mortgage loan originators, according to Nationwide Multistate Licensing System records. Data from S&P Global shows Academy originated $3.8 billion in loan volume in 2023 through September.

Academy's notice follows recent data breach reports from major industry players Fidelity National Financial, First American Financial and Mr. Cooper. Those firms updated counterparties and customers swiftly following newer disclosure rules for publicly traded firms by the Securities and Exchange Commission. 


More From Life Style