Academy Mortgage, a prominent US mortgage lender based in Utah, has revealed that a cyberattack in March 2023 may have exposed personal details, including Social Security numbers (SSNs) of customers and employees. The company, headquartered in Utah, reached out to thousands of affected individuals, stating that attackers potentially accessed names and SSNs during the security breach. The exposure of SSNs poses significant risks, as cybercriminals could use the stolen data for identity theft. According to information provided to the Maine Attorney’s Office, around 284,443 current and former employees, customers, spouses, or dependents may have been impacted by the breach.
Academy Mortgage initiated the response to the cyberattack by detecting an issue in late March 2023. The company engaged third-party forensic specialists to conduct an investigation, and the overview was concluded in late November 2023. Despite the potential exposure, Academy Mortgage mentioned in the breach notification letter that there is no specific information indicating the misuse of personal information to date. In response to the incident, the mortgage lender has committed to providing credit monitoring services to individuals affected by the breach, aiming to mitigate potential risks associated with identity theft.
Operating over 200 branches in the United States and boasting a revenue of $1.6 billion in 2022, Academy Mortgage plays a significant role in the mortgage lending industry. The cyberattack highlights the ongoing challenges companies face in safeguarding sensitive personal information and underscores the importance of cybersecurity measures to protect against data breaches. The company’s proactive approach in reaching out to affected individuals and offering credit monitoring services reflects its commitment to addressing the impact of the security incident and mitigating potential consequences for those affected.
