Buyer Beware - Data Breaches of the Real Estate Industry
Data Breach
The real estate industry has been booming over the last few years -- the primarily sellers' market has been very competitive, with many houses receiving multiple bids well over their asking prices. As many millennials get to be in their home-buying phase of life, the market appears to get hotter and hotter. In the process of home buying, there are many professionals to help along the way -- real estate agents help to find you the perfect home and walk you through the offer process and mortgage lenders help those who need it to secure the financing needed in order to purchase their home.
In addition to all the time and money it takes to purchase a home, there's also quite a bit of paperwork which tends to include all sorts of personally identifiable information (PII) like the buyer's name, new and old addresses, Social Security numbers, and bank account information, just to name a few. This is why it is important for mortgage lending companies to be careful with customer data and do what they can to make it cyber secure. Unfortunately, the industry has been heavily targeted with cyber attacks recently. Below, we'll take a look at some of the larger breaches and attacks seen in recent months in this booming industry.
CMG Mortgage Inc.
In mid-March of this year, CMG Mortgage Inc., a mortgage lending company, found that their systems had been accessed by an unauthorized individual and that among those servers accessed by the unknown party, the databases which contained certain customers' personal and financial information may likely have also been accessed. Later on in March, the company sent out data breach notification emails to their customers to notify them that they may have potentially been affected by the breach. A snippet of the notification letter stated, "...The personal information involved in the incident is commonly included in the application of a loan and may have included your name, address, date of birth, Social Security number, driver’s license number, bank account number, and loan application number. Based on our investigation, it appears you were one of the individuals whose information could be affected by this incident. Please note, at this time, we are not aware of any fraud or misuse of your information as a result of this incident."
To try to remedy this breach of trust and privacy, the company offered all affected customers a 24-month complimentary membership with Experian’s® IdentityWorksSM. The company went on to sincerely apologize for the incident and encouraged customers with questions to reach out to them.
Lakeview Loan Servicing
According to National Mortgage News, mortgage servicing company, Lakeview Loan Servicing, unveiled that they endured a massive data breach in late 2021. The breach was unknown to the company for over a month between October and December of last year. This spelled disaster for the company and their customers, as the information for over 2 .5million customers was exposed in said breach. An unauthorized person gained access to the company's customers' incredibly private information -- being that this is a mortgage company, they had quite a bit of personally identifiable information (PII) for all clients including their names, addresses, and Social Security numbers.
New York-Based Property Management Group Breach
Douglas Elliman’s property management arm manages many buildings in New York; it was recently discovered that many tenants of these Elliman-managed buildings may have had their PII compromised in April 2022. Information for the various buildings' residents and employees was reportedly exposed in this breach. This breach was brought to the attention of the company on April 7th, when the company's IT systems experienced "suspicious activity." This is yet another case of the "unauthorized individual" as the culprit of the attack. The unknown attacker is believed to have gained access to the company's servers between April 5th and 7th of this year. As with the other two breaches mentioned above, personally identifiable information was accessed including Social Security numbers and addresses. There have been no identity theft reports related to this particular breach yet.
