Skip to main content

Fairway Independent Latest Victim Of Cyber Attack

Mar 01, 2024
cybersecurity
Staff Writer

A data breach in December exposed customer information.

Fairway Independent Mortgage Corporation was hit with a data breach at the end of last year because of a third-party bug, according to a notice filed with the Attorney General of Massachusetts.

On February 2, 2024, the company filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized user had accessed a third-party system utilized by Fairway. However, the breach was initially detected on December 4. 

According to the notice, Fairway’s Information Security Team “received notification that an unauthorized user had successfully accessed a third-party system utilized by Fairway,” Bryan Ramsey, vice president of information security incident response at Fairway, wrote in a letter sent on Feb. 2 to individuals affected by the incident in Massachusetts. 

Per Fairway, the breach exposed sensitive customer information, including Social Security numbers, bank account details, and more. Fairway did not disclose who the third party was.

The incident, which affected 430 customers in Massachusetts and had an undisclosed nationwide impact, has led the company to provide complimentary identity theft protection and credit monitoring to those affected.

“Fairway promptly implemented the patch after it was released by the developer to rectify the newly identified vulnerability,” Ramsey wrote. “Although the engagement of a third-party security firm was initiated for the expeditious analysis of the data to identify impacted customers, it took an extended duration for the firm to uncover the relevant information.”  

The letter outlined the next steps customers could take, including changing passwords, reviewing credit and account statements, filing a police report for identity theft or placing a security freeze on credit reports, free of charge. "A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization," Ramsey wrote.

Fairway is among the vast list of mortgage companies affected by cyberattacks recently, including Mr. Cooper Group, First American and Fidelity National Financial Inc., the parent of servicer LoanCare. 





 

About the author
Staff Writer
Sarah Wolak is a staff writer at NMP.
Published
Mar 01, 2024
More from
Operations
The Human Touch Works Wonders

Sometimes buyers need emotional intelligence, not artificial

Feb 14, 2025
Mr. Cooper Bets Big on AI, Expands Tech for Better CX

After Flagstar onboarding last year, Mr. Cooper reports 4Q net income of $204M

Feb 12, 2025
Masters Of Tomorrow

How to get on lenders’ most-wanted list

Feb 07, 2025
Cash And Desperation To Drive Home Sales This Year

Fannie Mae lowered its 2025 originations forecast by 2.5%, and total home sales forecast by 2.25%, this week.

Jan 23, 2025
CFPB Medical Debt Rule Could See Delay, Reconsideration

President Trump orders agencies to potentially reopen comments on new rules

Spiking Escrows Shock Unsuspecting Borrowers

One-third of typical mortgage payment now made up of taxes and insurance

Jan 22, 2025