NetworkTigers discusses cyberattacks in the mortgage industry and the consequences for consumers.
Several factors make the mortgage industry especially vulnerable to fraud and cybercrime.
- Time sensitivity. Pressure to close on homes and real estate creates the need for rapid transaction processing and speedy verification.
- Ongoing access to self-serve portals. Users can process payment information from unsecured home networks.
- Aggregation of personal and financial information. Mortgages are the single largest driver of household debt in the US, recording data from Americans owing over $12 trillion on 84 million mortgages.
The consequences of these factors combined mean that the mortgage industry is a more lucrative and common target for cybercriminals than ever before.
Cybercrime statistics in the mortgage industry
According to a LexisNexis Risk Solutions report, the mortgage industry faces a greater risk of fraud than other banks and financial services. Cybercrime rates in the mortgage industry have risen dramatically since the start of COVID-19, with threat actors seeking entry at every stage of the application and fulfillment process.
In 2021, mortgage lenders reported facing off against an average of 1,431 fraud attempts each month. In 2022, mortgage firms reported that wire or title fraud was present in 33% of transactions within the first quarter alone.
Mortgages are crucial for American home buyers and relatively opaque as an industry, making real estate informational platforms common targets for social engineering hacks and data theft. One of the largest ever data breaches involved 1.5 billion records leaked of mortgage information, buyer and seller data, homeowner’s association liens, and property history from Real Estate Wealth Network, a mortgage education platform based in New York.
How are mortgage firms targeted by cyberattacks?
In a survey of banking and mortgage firms, 49% identified spear phishing and email hacks as one of the most significant cybersecurity threats in the industry. Insider threats, like employees leaking confidential information or taking proprietary knowledge to other actors, are also a concern. Ransomware and social engineering hacks have a significant role in the mortgage fraud landscape, as a slew of late 2023 industry attacks showed. Some of the major players targeted by recent successful cyberattacks include:
- Mr. Cooper: In October 2023, a ransomware hack affected nearly 14.7 million users, past and present. The hack also affected up to 32,000 reverse mortgage customers with Mr. Cooper. The data breached included bank numbers, names, home addresses, phone numbers, and Social Security numbers.
- Fidelity National Financial: A social engineering hack claimed by cybercrime group AlphV/Black Cat took down Fidelity National Financial systems in a report filed with the SEC in November 2023. Partner organization F&G Annuities and Life was reportedly unaffected by the data breach.
- First American Financial: First American, the second largest title insurance company in the US, was compromised in a December 2023 cyberattack. This hack involving the theft of company data comes on the heels of a $1 million settlement between First American and the New York Department of Financial Services just the month before. The company settled allegations that it improperly protected customers’ data in an earlier 2019 breach.
- LoanDepot: LoanDepot’s IT systems were taken offline when an unidentified third party accessed the company network in January of 2024. Approximately 16.6 million consumers were affected by the breach.
Why is the mortgage industry so vulnerable to cybercrime? Some cybersecurity experts say a crucial answer lies in the proliferation of individual access points. Login pages and self-serve payment portals are primary targets for sophisticated cybercriminals, who are often more than up to cracking re-used passwords and infiltrating less secure systems.
Consequences of cyber attacks in the mortgage industry
Cybercrime in the mortgage industry affects the financial systems and services targeted, the associated real estate market, and American homebuyers. Mortgage-centered cybercrime has far-reaching results, including:
- Delayed payments: Delayed payments reverberate throughout the American economy but can also impact the individual user. Stolen records or payments can affect consumer credit scores, as mortgage history is important to credit history. Cyber attacks on a mortgage company may not only mean a problem for that particular business but also for the individual who has entrusted their financial well-being to that system.
- Delayed closing times: The mortgage industry involves a unique sense of time pressure because of the fast pace of most real estate markets. Delayed closing times can make the difference between missing out on a home or opportunity at a more affordable or lucrative rate. Fluctuating interest rates mean failing to close on time, which can result in your rate lock expiring and paying more for interest.
- Loss of consumer trust: According to studies, 66% of American consumers would not trust a company that has experienced a data breach involving their personal information.
- Higher costs: Every dollar of fraud and cybercrime in the mortgage industry costs lenders just under $5 in additional fines, legal fees, systems updates, security training, labor, and more. This represents nearly a dollar increase since pre-pandemic loss rates. The increased expenses of these hacks are often passed onto the consumer with fewer loan approvals and higher interest rates.
- Class action lawsuits: When companies act carelessly with consumer data, they can be held accountable via a class action lawsuit. For instance, in 2021, Lakeview Loan Servicing experienced a data breach that affected 2.5 million mortgage holders and users. Afterward, consumer protection firms sued the company eight times.
These consequences, along with rising rates of mortgage fraud, should send a clear signal to financial services. The time to invest in better network security was yesterday. Consumers deserve more from the mortgage industry, and American homebuyers deserve data protection.
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
