On Q reveals cyber incidents affecting over 200,000 people

other Cyber ​​hackers hit a mortgage lenderthe latest exposure of personal data exceeded 200,000 people.

On Q Financial, which reported details of the security incident last week in a filing with the Maine Attorney General’s Office, initially learned of “suspicious activity” on Feb. 20 via a vulnerability in the software program Screenconnect. This application is used for remote access to the On Q computer network.

Upon receiving the notification, On Q immediately began investigating and installing a patch for Screenconnect software owned by Connectwise, and then discovered that the data had been compromised.

“On March 14, 2023, an investigation determined that a Connectwise vulnerability allowed unknown individuals to access our computer network and that some of our customers’ personal information was exfiltrated from our network,” the company wrote in a letter sent to affected companies. .”customer.

The documents said the personally identifiable information, including names and Social Security numbers, of 211,650 individuals across the country was discovered to have been compromised.

In the letter, the company said it would provide credit monitoring and fraud assistance services for a year by Transunion subsidiary Cyberscout, but said it had so far found no evidence that personal data had been misused.

Neither On Q Financial nor its legal representatives responded to requests for comment Thursday. Last year, the Scottsdale, Arizona-based bank originated $692.5 million worth of loans, with most of its business coming from the Western United States, according to S&P Global data. The company is licensed in 44 states and the District of Columbia.

The latest cyberattack announcement is among dozens of attacks hitting mortgage lenders, servicers and title insurance agencies of all sizes in 2023 and 2024.Multiple occurrences, including data breaches Planet involving home loans and Carrington Mortgage Services, fraudsters also gained access to the company’s systems and data through vendor software, illustrating the increasing risks identified in Third-party vulnerabilities.

Other events proven or accused Attacked by ransomwarecybercriminals deny victims access to their data until a specified amount is paid.

A wave of cyber security incidents affecting the mortgage industry has put fraud reports in the spotlight, prompting the latest call Timely notifications from Ginnie Mae The order was announced to ensure that Ginnie Mae issuers can meet their obligations to investors and to minimize the impact on mortgage loan stakeholders.

News of On Q’s lawsuit quickly drew attention to complaints from across the country this week, paving the way for possible future lawsuits. On Wednesday, Oklahoma City law firm Federman & Sherwood said it had opened an investigation into the data hack and asked victims to come forward to discuss possible legal action.