Data Breach Risks for Mortgage Companies are on the rise!
Data Breach Risks for Mortgage Bankers, Lenders, & Brokers are on the rise!
Data breaches and cybersecurity attacks are on the rise across our country and the world as a whole, especially against businesses that are entrusted with highly sensitive and confidential information. Today’s post is especially critical for the mortgage industry because mortgage companies are responsible both for obtaining consumers’ private personal information as part of the mortgage application process and for protecting it from unauthorized disclosure.
Although most people associate the risk of data breaches with highly tech-savvy computer hackers, the reality is that data breaches can arise in a variety of contexts, and mortgage bankers must be comprehensive in their efforts to protect all of the sensitive information that is entrusted to them. For instance, in addition to the risk of a data breach that comes with ransomware and similar attacks, data breaches can also result from faulty computer systems, employee negligence, internal bad actors, MLO pipeline theft, and the list goes on.
As a result, in an ever-changing business environment where most business is now done online, all businesses, including mortgage bankers, must seek out and obtain the education necessary to fully understand the entirety of the data breach threat and take active steps to mitigate the harm that can be done to their businesses and their customers.
In other words, if businesses fail to obtain the necessary education and implement comprehensive loss mitigation steps to prevent and/or reduce the harm from data breaches, the short- and long-term consequences can be devastating. For example, if a mortgage banker suffers a data breach, the following can result:
- Great harm to the consumer through financial loss, identity theft, and the resources expended to recover from the breach, such as credit freezes, identity monitoring, and the overall time spent due to the breach.
- The loss of business and personal reputation in the community can become a major long-term consequence, since consumers expect mortgage lenders to secure their personal information. Because a data breach results in an immediate loss of consumer trust, it leads to a reduced customer base, lower loan volume, and a diminished reputation that you have worked so hard to build.
- The Loss of Time, Energy, & Expenses can be substantial due to any business downtime suffered, the energy expended in following proper breach response protocols, and the costs involved for items such as forensic investigations.
- Notification Requirements vary by state statute and include your reporting obligations to consumers and state attorneys general. Strict compliance with a state’s notification requirements is essential to mitigating exposure, because a failure to comply can result in heavy penalties and be crippling to a mortgage banker’s operations!
- Legal Ramifications after a breach can include fines, penalties, and possible private rights of action, all of which take away from a mortgage banker’s bottom line at a time when margins have begun to compress.
To underscore the importance of today’s topic, in March of 2021, a mortgage company agreed in a settlement to pay a $1.5 million penalty to New York State for violations of that state’s Cybersecurity Regulation.
Residential Mortgage Services, Inc. (“RMS”), a licensed mortgage banker, experienced a breach in 2019 that exposed the sensitive personal data of mortgage loan applicants. The breach went unreported, and it wasn’t until July 2020 that regulators discovered evidence of it as part of a safety and soundness examination of the company. As part of the settlement, RMS agreed to pay a $1.5 million penalty and undertake improvements to its existing cybersecurity program.
The bottom line is that the mortgage industry must continue to keep its guard up in today’s ever-increasing threat environment!
If you have any topics that you would like to be considered, please submit your request via email.
Sean A. Stephens, Esq., CMB®
Legal Disclaimer: The information provided on this blog does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. No representations or warranties of any kind, express or implied, are made about the completeness, accuracy, reliability, or availability of this information. Use of, and access to, this Blog or any of the links or resources contained within the site do not create an attorney-client relationship. Broker to Banker Consulting, LLC is not a law firm and does not provide legal services.