Posted On November 22, 2022 Consumer Privacy & Data Breaches
On November 23, 2022, HomeTrust Mortgage, which does business under the name Home Mortgage of America, filed notice of a data breach with the Montana Attorney General after a ransomware attack compromised sensitive consumer information stored on the company’s computer system. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses and Social Security numbers. After confirming that consumer data was leaked, HomeTrust Mortgage began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the HomeTrust Mortgage data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from HomeTrust Mortgage.
The available information regarding the Home Mortgage of America breach comes from the company’s filing with the Attorney General of Montana. According to this source, on July 15, 2022, HomeTrust Mortgage was made aware of suspicious activity within its computer system. In response, the company began working with third-party data security experts to better understand the incident and whether any consumer information was compromised as a result.
The HomeTrust Mortgage investigation confirmed that the company was victimized in a ransomware attack and that an unauthorized party had gained access to the HomeTrust Mortgage network. The investigation also revealed that the unauthorized party removed some of the files from the company’s network and that these files contained sensitive consumer information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Home Mortgage of America began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address and Social Security number.
On November 23, 2022, Home Mortgage of America sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1986, HomeTrust Mortgage is a non-depository mortgage bank based in Houston, Texas. The company operates 13 locations throughout Texas, New Mexico, Alabama, Florida, Georgia, Tennessee, Oklahoma, and Colorado. Home Mortgage of America employs more than 100 people and generates approximately $23 million in annual revenue.
In its data breach letter, HomeTrust Mortgage explains that the recent data leak was the result of a ransomware attack. Ransomware attacks are one of the most common ways cybercriminals orchestrate attacks designed to obtain consumer data. In fact, according to the Identity Theft Resource Center (“ITRC”), the total number of successful ransomware attacks increased significantly between 2020 and 2021, from 158 attacks in 2020 to 321 attacks in 2021. And each of these cyberattacks can impact the personal information of tens of thousands of people. The ITRC also reports that in 2021 alone, more than 41 million people were victimized by ransomware attacks. That’s about 13 percent of the United States population.
Ransomware attacks have been around for decades; however, it wasn’t until recently they became one of hackers’ preferred cyberattacks. In part, this is due to technological advancements that now allow cybercriminals to easily target the most valuable data types, such as Social Security numbers, financial account information, and protected health information.
When a hacker carries out a ransomware attack, they start by installing malicious software on a victim’s device. Usually, they either use an email phishing attack or place a line of malicious code on the company’s website. Then, hackers encrypt the data on the device, preventing anyone within the organization from logging in. When an employee attempts to log in, they see a message from the hackers demanding a ransom.
Traditionally, the risk of not paying a ransom was that a company would lose access to its computer network. However, more recently, hackers have started taking a more aggressive approach by threatening to publish the stolen data on the dark web if the organization does not pay the ransom. Of course, not every ransomware attack results in consumer data being published on the dark web; however, this isn’t a chance that most organizations (or consumers) are willing to take. Thus, the threat of publishing data adds to an organization’s incentive to pay the ransom—and many organizations end up paying these ransoms.
Given the frequency and risks of ransomware attacks, it is important for both consumers and organizations in possession of consumer data to understand what ransomware attacks are, how they can be prevented, and what can be done to limit their effects, including identity theft and other frauds.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the HomeTrust Mortgage data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.