On November 23, 2022, HomeTrust Mortgage reported a data breach with the Attorney General of Montana after hackers carried out a successful ransomware attack against the company, compromising consumer data stored on the company’s computer system. According to HomeTrust Mortgage, the breach resulted in the names, addresses and Social Security numbers of certain customers being compromised. Recently, HomeTrust Mortgage sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
If you were shocked to receive a data breach letter from a mortgage bank, you are not alone. Consumers implicitly trust companies—especially those in the financial services industry—to keep their information secure. Not surprisingly, these businesses are frequently targeted in cyberattacks because they typically store information that is valuable to hackers. However, as we’ve discussed in other posts, U.S. data breach laws allow for victims of a data breach to pursue a claim for compensation against any company that negligently leaked their data. While it’s too early to tell if HomeTrust Mortgage was negligent, that possibility cannot be ruled out.
What We Know About the Home Mortgage of America Data Breach
The available information regarding the Home Mortgage of America breach comes from the company’s filing with the Attorney General of Montana. According to this source, on July 15, 2022, HomeTrust Mortgage was made aware of suspicious activity within its computer system. In response, the company began working with third-party data security experts to better understand the incident and whether any consumer information was compromised as a result.
The HomeTrust Mortgage investigation confirmed that the company was victimized in a ransomware attack and that an unauthorized party had gained access to the HomeTrust Mortgage network. The investigation also revealed that the unauthorized party removed some of the files from the company’s network and that these files contained sensitive consumer information.
Upon discovering that sensitive consumer data was made available to an unauthorized…