FHA Enacts New Cybersecurity Reporting Requirements – NMP Skip to main content

FHA Enacts New Cybersecurity Reporting Requirements

May 29, 2024
cybesecurity
Associate Editor

FHA mortgagees experiencing a potential or actual cyberattack must notify HUD within 12 hours.

The Federal Housing Administration (FHA) recently published new Cybersecurity Incident Reporting Requirements, significantly enhancing reporting regime for incidents of cyber breaches. According to its Mortgagee Letter (ML) 2024-10, published May 23, FHA-approved mortgagees are to notify the Department of Housing and Urban Development’s (HUD) within 12 hours of detecting a cyber incident. 

The new section detailing a Significant Cybersecurity Incident (V.A.2.b.viii), states FHA-approved mortgagees that experience a potential or actual cyber incident must notify HUD via the FHA Resource Center and HUD’s Security Operations Center within 12 hours of detection with required information as outlined in the ML. Once notified of an incident, representatives from HUD will contact the designated representative from the institution reporting the incident to determine the appropriate mitigation steps.

The requirements, which are effective immediately, are part of HUD’s commitment to the security and integrity of all its systems and technology supporting FHA operations.

Mortgage servicers have increasingly been targeted for cyberattacks, causing borrowers' personal information to be compromised. In late 2023 and early 2024, four major mortgage servicers, Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot, were targeted in cyberattacks. Other than having consumer and corporate data compromised, the attacks delayed closing times on new loans and prevented customers from making payments.

The breaches have also led to a number of class action lawsuits against lenders that are being scrutinized for how those data breaches were handled. loanDepot Inc. is facing a class action lawsuit alleging its “willful failure” to prevent a data breach. Mr. Cooper Group also faces a class action lawsuit after suffering a major data breach, and is accused of failing to implement safeguards and not being timely and transparent in communicating with customers. 

About the author
Associate Editor
Katie Jensen is a mortgage news reporter at NMP.
Published
May 29, 2024
Solidifi Clears FHA Certification For UAD 3.6 Integration

The appraisal management company says it is the first to complete certification for FHA’s modernized EAD platform, giving lender clients an early path toward implementation

Vought To Face Congress Over CFPB Overhaul, Enforcement Pullback

Vought’s testimony also comes as a new poll suggests the CFPB retains broad support across party lines

Illinois Changes Property Tax Foreclosure Process To Return Surplus Equity

Borrowers can save remaining home equity after delinquent property taxes and fees are paid

CFPB Weighs Changes To TRID Timing And Mortgage Rescission Rules

The bureau is seeking feedback on whether federal disclosure requirements raise costs, delay closings or limit access to mortgage credit

CFPB Issues AI Underwriting Guidance On Adverse Action Notices

The agency says proprietary and machine-learning models do not relieve lenders of their fair lending and disclosure responsibilities

VantageScore Says 4.0 Model Could Unlock $1 Trillion In Mortgage Originations

New study says VantageScore 4.0 scores five million more creditworthy borrowers than FICO Score 10T, expanding lending opportunities as the industry prepares for the GSE credit score transition