Nations Direct Mortgage alerts 83,000 to personal data leaks from December cyberattack

Nevada-based Nations Direct Mortgage said more than 83,000 customers were affected by a late 2023  data breach that leaked Social Security numbers and other sensitive information. 

In filings with regulators in Maine and California, the company said it discovered a cybersecurity incident on December 30 that prompted an investigation. Law enforcement and other governmental agencies were notified of the cyberattack. 

The lender operates in 35 states and has originated hundreds of millions of dollars' worth of mortgages since its founding in 2007. 

“The investigation has determined that an unauthorized third party obtained access to and potentially removed data of certain individuals from across the country,” the company said in letters to victims. 

“Based on our investigation, we understand that your name, address, social security number, and unique Nations Direct loan number may have been obtained by the unauthorized third party bad actor.” 

Victims will be given two years of identity protection services from Kroll. The company posted a copy of the letter on its website as well. 

Multiple law firms are seeking victims for a potential class-action lawsuit against Nations Direct Mortgage for the breach. 

The incident took place as several mortgage lenders and housing industry financial giants faced ransomware attacks and other cybersecurity problems. 

One of the largest mortgage loan servicers, Mr. Cooper, spent months in late 2023 dealing with issues before announcing that the information of nearly 14.7 million people was leaked during a ransomware attack. 

Fidelity National Financial — a Fortune 500 provider of title insurance for property sales — was hit with ransomware in November, snarling home purchases across the U.S. for days. 

Title insurance company First American and another large retail mortgage lender LoanDepot announced attacks in December and January that caused widespread problems for home buyers. 

Several other critical financial services institutions like MeridianLink, Tipalti and Moneris reported incidents throughout the fall. One of the world’s largest banks, Industrial and Commercial Bank of China (ICBC), also announced a ransomware attack in November.