Cyber Incident Victim: Freedom Mortgage Corporation
Date:
Apr 2023
Location:
United States of America
Summary
A cybersecurity incident at Freedom Mortgage Corporation's vendor, Mortgage Industry Advisory Corporation (MIAC), resulted in unauthorized access to consumer data containing names and Social Security numbers. The breach stemmed from a compromise of MIAC's IT network, with the vendor discovering the incident and subsequently notifying the mortgage lender. Following an investigation confirming the exposure of sensitive information, affected individuals received notifications and were offered complimentary credit monitoring services to mitigate potential risks of fraud or identity theft.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Freedom Mortgage Corporation data breach originated from a cybersecurity incident at its vendor, Mortgage Industry Advisory Corporation (MIAC). On April 6, 2023, MIAC detected unauthorized activity within its IT network, prompting an investigation that concluded on May 1, 2023, confirming that unauthorized parties had accessed sensitive consumer data entrusted to Freedom Mortgage. MIAC notified Freedom Mortgage of the breach on May 2, 2023, initiating a collaborative review of compromised files to identify affected individuals and the specific data exposed. The breach impacted customers who had provided personal information to Freedom Mortgage, with the vendor’s systems serving as the intrusion vector. Freedom Mortgage formally reported the incident to the Massachusetts Office of Consumer Affairs and Business Regulation on May 22, 2023, disclosing that attackers obtained consumers’ full names and Social Security numbers. No operational disruptions to Freedom Mortgage’s internal systems were reported, as the compromise was confined to MIAC’s infrastructure.
The compromised data exposed victims to heightened risks of identity theft and financial fraud due to the sensitivity of Social Security numbers. Freedom Mortgage delegated breach notifications to MIAC, which mailed letters to affected individuals starting May 22, 2023, confirming the exposure period from the initial April 6 detection through the May 1 investigation completion. MIAC offered impacted customers complimentary credit monitoring services as remediation, though the notification letters did not specify the number of victims or elaborate on the attacker’s methodology. Freedom Mortgage, a Florida-based lender with over 7,000 employees and $5.2 billion annual revenue, relied on its vendor’s infrastructure for data processing, transferring consumer information to MIAC as part of standard mortgage servicing operations. The breach notification emphasized the absence of evidence suggesting misuse of stolen data but acknowledged the persistent threat of exploitation inherent to exposed Social Security identifiers.