Fairway’s cyber attack filing marks latest in string of lending industry breaches

Early December incident adds company's name to growing list of targets

The rash of lending industry data breaches continues, with Fairway Independent Mortgage Corporation filing a notice of data breach with the Attorney General of Massachusetts earlier this month.

According to a Notice of Operational Incident sent by Fairway to customers, Fairway’s Information Security team were notified of an unauthorized person accessing one of the third-party systems used by the company on Dec. 4.

Fairway then implemented the patch released by the developer to address the vulnerability and tasked an outside cybersecurity firm to identify any impacted customers. However, “it took an extended duration for the firm to uncover the relevant information.”

Fairway sent out the aforementioned operational incident notices to affected customers on Feb. 2. The notice states that Fairway is not aware of “any actual misuse of your personal information as a result of this incident,” but divulged that personal information that may have been compromised included names, Social Security numbers, addresses, banking information and credit card account numbers.

Fairway joins a growing list of high-profile lenders and other mortgage industry-adjacent companies that have been affected in recent months. A cyber attack on Mr. Cooper forced the lender to take its systems offline for days as it surveyed the damage in the aftermath. Fidelity National Financial was targeted in November, with First American Financial Corp. being victimized the following month. LoanDepot informed customers of a “cyber incident” in January, recently disclosing to government regulators that the breach will cost the company between $12 and $17 million.


More Headlines