Fairway Independent Mortgage Corporation was hit with a data breach at the end of last year because of a third-party bug, according to a notice filed with the Attorney General of Massachusetts.
On February 2, 2024, the company filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized user had accessed a third-party system utilized by Fairway. However, the breach was initially detected on December 4.
According to the notice, Fairway’s Information Security Team “received notification that an unauthorized user had successfully accessed a third-party system utilized by Fairway,” Bryan Ramsey, vice president of information security incident response at Fairway, wrote in a letter sent on Feb. 2 to individuals affected by the incident in Massachusetts.
Per Fairway, the breach exposed sensitive customer information, including Social Security numbers, bank account details, and more. Fairway did not disclose who the third party was.
The incident, which affected 430 customers in Massachusetts and had an undisclosed nationwide impact, has led the company to provide complimentary identity theft protection and credit monitoring to those affected.
“Fairway promptly implemented the patch after it was released by the developer to rectify the newly identified vulnerability,” Ramsey wrote. “Although the engagement of a third-party security firm was initiated for the expeditious analysis of the data to identify impacted customers, it took an extended duration for the firm to uncover the relevant information.”
The letter outlined the next steps customers could take, including changing passwords, reviewing credit and account statements, filing a police report for identity theft or placing a security freeze on credit reports, free of charge. "A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization," Ramsey wrote.
Fairway is among the vast list of mortgage companies affected by cyberattacks recently, including Mr. Cooper Group, First American and Fidelity National Financial Inc., the parent of servicer LoanCare.
