National Mortgage Lender AnnieMac Responds to Data Security Incident
National mortgage lender AnnieMac Home Mortgage has notified more than 170,000 customers of a data breach that occurred in August 2024. The breach exposed the names and Social Security numbers of affected individuals. In response, AnnieMac is providing free credit monitoring and identity theft protection services to all those impacted.
The company disclosed that an “unknown actor” gained unauthorized access to its network systems between August 21st and 23rd. During this period, the perpetrator viewed or copied files containing sensitive customer data. AnnieMac CEO Joe Panebianco stated in a press release, “Unfortunately, no organization is immune to the growing threat of cybercrime, and AnnieMac was recently targeted by cybercriminals attempting to breach sensitive information…we acted swiftly and decisively to contain the event, minimize potential harm, and notify those impacted.”
Details of the AnnieMac Data Breach and Response
Following a thorough review of the compromised files, AnnieMac issued written notifications to 171,074 affected customers. The company also notified state and federal regulators, as well as the three major credit reporting agencies: Equifax, Experian, and TransUnion. To mitigate the risk to customers, AnnieMac is offering the “Identity Defense Complete” service from CyEx. This comprehensive service includes:
- Single bureau credit monitoring
- Monthly VantageScore 3.0 credit score and tracker
- Address change and dark web monitoring
- $1 million in identity theft insurance
AnnieMac, a trade name of American Neighborhood Mortgage Acceptance Company LLC, operates under several other names including Family First, Homecomings Mortgage & Equity, and OVM. The company maintains a significant presence across the United States, with 447 mortgage loan originators working from 74 branch offices nationwide, according to the Nationwide Mortgage Licensing System and Registry.
The Broader Context of Cyberattacks in the Mortgage Industry
AnnieMac’s data breach underscores the increasing vulnerability of financial institutions to cyberattacks.
The company acknowledged the widespread nature of these threats, stating, “Cyberattacks are an unfortunate reality for organizations across all sectors…AnnieMac remains committed to contributing to a safer and more secure industry through collaboration and shared learning.”
This incident follows a series of high-profile breaches in the mortgage and financial sectors. Last year, major players like Fidelity National Financial, First American Financial, Mr. Cooper, and loanDepot were all targeted by hackers. The U.S. State Department has attributed some of these attacks to the transnational organized crime group ALPHV/Blackcat, known for its ransomware attacks on thousands of entities globally.
AnnieMac has emphasized its commitment to transparency and customer support in addressing this data breach. The company’s proactive measures, including the provision of free credit monitoring and identity theft protection, demonstrate a commitment to mitigating the potential harm caused by the cyberattack. The incident serves as a reminder of the ongoing need for robust cybersecurity measures within the mortgage industry and beyond. AnnieMac’s experience highlights the importance of vigilance and preparedness in the face of evolving cyber threats.
