Perry Johnson Mortgage Company, Inc. (PJM) reported a data breach to the Attorney General of Montana on July 22, 2024. The breach occurred when one of PJM’s IT vendors experienced a security incident between March 27, 2023, and May 2, 2023, allowing unauthorized access to sensitive customer information stored on the vendor’s system. Initially, PJM did not believe that customer data was compromised, but further investigation confirmed that certain information was accessible to the unauthorized party.
Upon discovering the breach, PJM launched an internal investigation with the assistance of external cybersecurity experts to determine the extent of the compromised data and identify affected individuals. PJM completed this review on June 26, 2024, confirming that some customer data had indeed been accessed by unauthorized parties. Following this discovery, PJM began sending out data breach notification letters to all individuals whose information may have been impacted by the incident.
The public notification on the Montana Attorney General’s website did not specify the types of data compromised; however, the personalized letters sent to affected customers likely provided details about what specific information was leaked. This breach highlights the vulnerability of customer data when relying on third-party vendors for IT services.
Perry Johnson Mortgage Company, Inc., based in Troy, Michigan, operates in about 20 states across the United States. The company employs more than 25 people and generates approximately $5 million in annual revenue. PJM’s prompt response and transparency in notifying affected customers demonstrate its commitment to addressing the breach and protecting its customers’ sensitive information.
Reference: