Skip to main content

New Calendar, Or Dictionary, Needed For AnnieMac

Nov 20, 2024
AnnieMac Data Breach (1)
Staff Writer

Half-a-dozen class-action law firms have launched investigations into AnnieMac's "proactive" handling of a late-August data breach.

At least six class-action law firms have launched investigations into AnnieMac Home Mortgage’s (“AnnieMac”) handling of a data breach that occurred between Aug. 21-23, 2024, exposing the names and social security numbers of more than 171,000 customers.

AnnieMac became aware of the incident on Aug. 23, though only alerted impacted customers last week. Waiting nearly three months to warn customers that their personal financial data may have landed in the hands of cybercriminals “may have violated state and federal laws,” says the press release issued by Schubert Jonckheer & Kolbe LLP, a firm specializing in class actions.

After becoming aware of the incident on Aug. 23., AnnieMac conducted a forensic investigation and determined that cybercriminals infiltrated its “inadequately secured computer environment and thereby gained access to its data files,” reads the press release from Murphy Law firm.

In contrast, AnnieMac CEO Joe Panebianco has applauded his team’s “vigilance and expertise” in the aftermath of the breach. Couched in remarks about increasing rates of cybercrime across the financial sector, Panebianco said AnnieMac “acted swiftly and decisively to contain the event, minimize potential harm, and notify those impacted.”

Panebianco highlighted the “proactive measures taken” in response to the incident, to include the following actions “immediately” taken: securing its systems and neutralizing the breach; collaborating with cybersecurity experts to assess and reinforce its defenses, and offering complimentary credit monitoring as well as identity theft protection services to impacted customers.

If this were a home invasion, one wonders whether expelling the intruders, barricading the doors, dialing the authorities, and Googling “best dog breeds for home security” while waiting for the authorities to arrive would be considered “proactive."

AnnieMac’s filing of a notice of data breach with Maine’s Office of the Attorney General begs clarification of the company’s incident response timeline. NMP reached out to AnnieMac to inquire about the timeline and characterization of AnnieMac's incident response, but a spokesperson was not immediately available.

In its Maine filing, AnnieMac said it became aware of the data breach on Oct. 15. The company issued letters on or around Nov. 14, only then notifying customers whose personal data may have been compromised and offering complimentary credit monitoring and identity theft protection services.

Moreover, that letter begins: “On August 23, 2024, AnnieMac became aware of suspicious activity on certain systems within its network.” Whether Aug. 23 or Oct. 15 should serve as the effective date of its “notification event,” lawyers for the lender and affected customers will decide.

"Our proactive response underscores our commitment to safeguarding our customers’ trust,” Panebianco continued in AnnieMac's press release. “We’ve strengthened our systems, enhanced employee training, and refined our response protocols to further fortify our defenses.”

The following law firms have announced investigations into AnnieMac’s handling of the incident:

About the author
Staff Writer
Ryan Kingsley is a staff writer at NMP.
Published
Nov 20, 2024
CFPB Medical Debt Rule Could See Delay, Reconsideration

President Trump orders agencies to potentially reopen comments on new rules

Treliant Names Andrew Surgan Managing Director

Surgan to help clients mitigate regulatory risk and streamline compliance in 'uncertain environment'

Jan 21, 2025
Equifax Paying $15 Million For Consumer Dispute Failures

The CFPB filed a lawsuit against fellow credit-giant Experian two weeks ago alleging the same

New Maryland Licensing Regs Spark Funding Uncertainty

Actions taken this week require all secondary market investors to be NMLS licensed in the state

How To Help Borrowers Spot Red Flags Of Mortgage Fraud

Nine years after a foreclosure relief scam unfolded, the FTC is releasing seized funds. Lessons for LOs abound in how it all went down.

The Mortgage Firm Settles Redlining Claims With Justice Department

Referral networks' disparate impacts on display in third redlining settlement with a nonbank mortgage lender

Jan 09, 2025