Nevada-headquartered wholesale lender Nations Direct Mortgage revealed that an unauthorized third party obtained access to the data of more than 83,000 customers on or about Dec. 30, 2023, the lender disclosed on March 14 in a notice shared with the Office of the Maine Attorney General.
An investigation showed that names, addresses, Social Security numbers and loan numbers may have been obtained by the unauthorized third party bad actor, Nations Direct said on its website. The breach was previously reported by National Mortgage News.
Upon becoming aware of the incident, Nations Direct Mortgage said it immediately commenced an investigation with the assistance of third-party experts and began taking measures to assess and contain the incident. The breach was quickly contained, the lender stated.
Nations Direct Mortgage will provide services through Kroll at no cost to the recipient for 24 months. The identity monitoring services include credit monitoring, a web watcher, $1 million in identity fraud loss reimbursement, fraud consultation and identity theft restoration.
The wholesale lender notified impacted individuals of the data breach at the end of February. Customers were notified of the protection services earlier this month.
Founded in 2007, Nations Direct Mortgage is a direct seller to Fannie Mae, Freddie Mac and Ginnie Mae, according to its website. The lender, which employs more than 250 staff, offers government mortgages, conventional mortgages and nonqualified mortgages (non-QMs).
Nations Direct Mortgage had production origination volume of $1.4 billion through the first 11 months of 2023, according to data from S&P Global.
The data breach at Nations Direct is the latest in a string of cyberattacks across the mortgage industry.
Hackers gained access to the sensitive personal information of about 16.6 million clients at loanDepot in January. Executives shared in the company’s most recent earnings report that the recent cyberattack will have an impact on the company’s Q1 2024 financial results.
In October, Mr. Cooper Group experienced a cybersecurity incident with an unauthorized third party that accessed certain portions of its technology systems and customer data. The data breach led the company to estimate an additional vendor cost related to the incident in the fourth quarter, which will include the offering of identity protection services for two years.
