HomeTrust Mortgage

HomeTrust Mortgage operates as a mortgage lending institution headquartered in the United States. The company's core business involves originating and servicing residential mortgage loans, which necessitates the collection and processing of extensive consumer personal and financial information. This data typically includes sensitive details such as full names, physical addresses, and Social Security numbers, which are standard components of a mortgage application and underwriting process. By handling this type of information, HomeTrust Mortgage functions within the highly regulated financial services sector, adhering to requirements that govern consumer data protection and privacy. The nature of its services is directed toward individual consumers seeking to purchase or refinance residential properties, placing it squarely in the consumer finance market. Its operational model relies on maintaining secure systems to safeguard the confidential data entrusted to it by applicants and borrowers.

On July 15, 2022, HomeTrust Mortgage experienced a significant security incident when a ransomware attack successfully breached its network defenses. An unauthorized party gained access to internal systems and exfiltrated sensitive files containing consumer data. The compromised information included personally identifiable details like names, addresses, and Social Security numbers, creating a substantial risk for identity theft and fraud among affected individuals. Following the discovery of the attack, the company engaged third-party cybersecurity experts to conduct a forensic investigation and validate the scope of the breach. This investigation confirmed both the unauthorized access and the removal of data. In compliance with applicable breach notification laws, HomeTrust Mortgage subsequently notified all individuals whose information was potentially impacted. The company provided these affected consumers with guidance on protective measures they could take to mitigate potential harm, including steps to monitor their credit and guard against fraudulent activity. This incident underscores the persistent threat of ransomware to financial institutions that manage large volumes of sensitive consumer data.