On May 15, 2023, reports began to surface about a potential Academy Mortgage data breach after a well-known ransomware group added the company to its list of victims. While Academy Mortgage has not yet verified these reports, the hackers responsible for the attack claim to have obtained a wealth of “personal data” from the mortgage provider. If, after conducting its own investigation into the incident, Academy Mortgage confirms that consumer data was leaked, the company will be required to begin sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you receive a data breach notification from Academy Mortgage, it is essential you understand what is at risk and what you can do about it. Mortgage lenders possess a tremendous amount of highly sensitive information about applicants and borrowers, including their tax records, Social Security numbers, and financial account information. Hackers who obtain this data can easily use it to commit frauds against victims, including identity theft. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Academy Mortgage data breach, please see our recent piece on the topic here.
What We Know So Far About a Potential Academy Mortgage Breach
News of the Academy Mortgage ransomware attack is still fresh; however, what we know at this point comes from several reports based on a post from the hackers who took credit for the attack. According to these sources, on May 14, 2023, the ransomware group AlphV (BlackCat) added Academy Mortgage to the group’s leak site, which is where groups post proof of successful attacks.
In this post, the group explains, “We have been in your network for a long time and have had time to study your business. In addition, we have stolen your confidential data and are ready to publish it. We have your customer/partner data, personal data, finances, confidential data and so on.”
Based on the AlphV (BlackCat) post, it appears that Academy Mortgage refused to pay the ransom, which is why the group is threatening to leak the stolen information.
Academy Mortgage has not yet confirmed that it was the victim of a ransomware attack; however, that may be because the company’s investigation is ongoing. If and when Academy Mortgage confirms that confidential consumer data was leaked, the company will begin sending out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Academy Mortgage
Founded in 1988, Academy Mortgage is an independent mortgage lender based in Draper, Utah. Academy Mortgage offers a wide range of consumer mortgage options, including conventional loans, FHA loans, VA loans, USDA loans, jumbo loans, Renovation loans, and other refinancing options. The company also makes construction loans and specialty loans to certain professionals. Academy Mortgage employs more than 2,243 people and generates approximately $1.2 billion in annual revenue.