Ransomware Attack Leads to Data Breach of HomeTrust Mortgage
Table of Contents
- By Steven
- Nov 24, 2022
Mortgage bank HomeTrust Mortgage is based out of Houston, TX, but has 13 separate locations in several other states – Colorado, New Mexico, Florida, Oklahoma, Alabama, Georgia, and Tennessee. The company generates around $23M annually while employing more than 100 people throughout its locations. Unfortunately, it fell victim to a ransomware attack that left many files of information exposed.
How Did the Attack Occur?
The lender noticed unusual activity in July 2022, and immediately hired an outside security team to investigate what was going on. The team discovered a ransomware attack that left a lo of data exposed and subsequently locked by the hacker(s) that gained unauthorized access to the company’s network.
What Information Was Viewed or Stolen?
Hackers were able to access a wide variety of data while in the company’s network. However, the investigation shows that there were only three basic types of personal information in the affected files: home address, full name, and social security number. This is enough information for a hacker to steal someone’s identity, so it is not a breach to be taken lightly. It is just a moment to appreciate that more was not taken during the breach itself.
How Did HomeTrust Mortgage Admit to the Breach?
HomeTrust Mortgage acknowledged the breach when it filed with the Montana Attorney General’s office. They explained that their investigation showed a successful ransomware attack and that they were able to confirm sensitive information was part of the breach. They followed up with this filing by sending out letters to any consumers they believe to have been affected by this data breach. While no one has confirmed any fault of the company in terms of negligence, it also has not yet been ruled out.
What Will Become of the Stolen Information?
The hope is that nothing comes of the stolen data, but unfortunately, no one knows what may become of that data. The hackers have not yet put the data up for sale in any place the investigation has found it, but that does not mean it will not be there at some point in the future. Hackers could use this data for financial gain, or they may sell it to those with other nefarious ideas in mind.
What Should Affected Parties Do in the Aftermath of the Breach?
The best thing that anyone in this situation can do is remain vigilant. What this means is constantly checking their personal information and accounts for anything out of place. Checking bank accounts, credit card statements, and things like personal credit reports can make spotting a problem at its earliest stages much easier.
Potential victims can also invest in services that monitor their identities for them. That way, should any of their personal data wind up on the Dark Web, they can get a notification that lets them take action before someone can use their information against them. It is always important to protect your personal data. However, following any type of data breach, the importance rises significantly.