Data Breach Exposes Personal Information of WEI Mortgage Customers
The Virginia-based firm WEI Mortgage has disclosed recently that it has been hit by a data breach which could have led to sensitive personal data of its customers getting exposed.
WEI Mortgage is a subsidiary of Arc Home and provides quality mortgages to home buyers and homeowners, with a coverage including 45 states and with offices in New Jersey and Virginia. A data breach notice released by the company states- “WEI Mortgage LLC (“WEI”) recently discovered a data privacy incident that may affect the security of certain of personal information. We take this incident very seriously and are providing potentially affected individuals with information and access to resources to help them better protect against potential misuse of personal information, should they feel it appropriate to do so.”
It was in September last year that WEI Mortgage detected unusual activity in an employee’s email account, which made the company carry out an investigation. The purpose of the investigation was to confirm the security of the company network and also to determine the nature and the scope of the event. It was thus found that the company was the victim of an email phishing attack, which had lead to unauthorized access to the email accounts of certain employees. The WEI Mortgage breach notice says- “While the investigation found no evidence of actual or attempted misuse of personal information, the investigation revealed some personal information was present in the impacted email accounts at the time of the incident.”
The notice further says- “The investigation determined the information present in the impacted email account varies by individual, but may include some combination of the following: Social Security number, date of birth, health insurance information, health insurance group number, health insurance member number, address, driver’s license or state identification number, passport number, bank account information, credit or debit card information, tax identification number, username and password, loan package information, and name.”
Though no details have been revealed as regards the size of the breach or the number of customers who could have been affected, WEI Mortgage makes it clear that it takes the security of personal information in its care very seriously and that it is “…working diligently to educate its employees about phishing scams and to confirm the ongoing security of its networks. ” The company has also notified law enforcement of this incident, plus applicable state regulators as required by the law. Moreover, as an added precaution, the company has offered affected people access to 24 months of credit monitoring and identity theft restoration services at no cost.
Kevin Jones754 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.