Cybercriminals appear to have found a new industry to target – mortgage companies.

Over the last few weeks, multiple high-profile mortgage providers reported cyber incidents and openly admitted that hackers have stolen sensitive info. The incidents include the personal information of millions of Americans.

LoanDepot, one of the biggest mortgage lender providers in the USA, suffered a major ransomware attack. In a short statement on its website, the company confirmed that it had to take some systems offline after a cyber incident. LoanDepot has yet to confirm the type of information stolen. However, mortgage companies collect and store sensitive personal information such as social security numbers. There is no information on how many million people have been affected by the breach. 

Nationstar Mortgage LLC (dba Mr. Cooper), another large mortgage provider in the USA, also suffered a cyberattack recently. Hackers were stealing company information for about a month. The stolen data includes personal details such as full name, address, SSN, and date of birth. The fraudsters have stolen the details of approximately 15 million people. This incident is particularly unpleasant because the stolen info is not only of Mr. Cooper’s customers but also of people who have applied for a loan from the company but were not approved. 

LoanCare, which performs loan sub-servicing functions for smaller mortgage companies, also reported a data breach. After an investigation, the company determined that there were personal information in the compromised data. Bad actors stole names, addresses, SSNs, and even loan numbers. The number of people affected by the breach is approximately 1.3 million. LoanCase has begun sending letters to the affected customers that provide  free 24-month access to identity monitoring services.

Multiple lawsuits have already been filed against the companies for failing to protect personal information. 

Why are mortgage companies so attractive to hackers?

Mortgage service providers collect extremely sensitive information about their customers and applicants. Hackers cannot only find all the pieces of the puzzle needed to commit fraud but can also see additional details about potential victims that are not easily available.

Such info includes copies of tax returns, banking info, and detailed information about workplaces, salary, and even the type of car people drive. Such data points help hackers target victims in the most lucrative way possible. 

Victims are advised to be vigilant, keep an eye on credit reports, and always be protected with high-quality antivirus software.

 Â