- One of ‘Freddie Mac’s’ service vendors was hit by ransomware, and loan applicant data may have been compromised.
- The data includes sensitive information, but it was all stored in encrypted form, and so it’s unreadable.
- Freddie Mac held and handled the data of people who never had an interaction with them, and this incident reveals how these firms operate.
‘Freddie Mac,’ the government-sponsored public mortgage loan firm, and also the fourth largest (by assets) company in the United States, has announced a security incident. The notices of a data breach circulated at the moment mention the involvement of a vendor contracted by ‘Freddie Mac’ to help them with the provision of loan advisory services. Although the firm doesn’t have any evidence pointing to an actual compromise of the people’s sensitive data, the nature of the breach obliges them to notify the potentially affected individuals.
As reported in the notice, one of the contractors of ‘Freddie Mac’ has recently suffered a ransomware attack on its systems, which locked everything down and placed the operators in an “out of reach” situation. Thus, they have no way to determine what information may have been affected. The data that was stored on these systems includes the following details:
- Full Names
- Social Security Numbers
- Dates of Birth
- Credit and Bank Account Information
The breached firm clarified that all of the above was encrypted, as required by the contract agreement terms signed with Freddie Mac, so even if this data was exfiltrated, it would be unreadable.
Freddie Mac explains that even if you haven’t had any direct interaction with them, they may have your personal information stored on their systems because they have bought mortgage loans from other lending firms. Freddie Mac remains responsible for the processing of payments and customer service provision, even if the indebted individual maintains a relationship solely with the original issuer of the loan. This is to explain why this notice may have reached you, even though you had nothing to do with Freddie Mac. It’s not phishing – it’s a valid notice of a data breach that concerns you.
Thus, there are some precautionary and protective steps that you need to take from now on. First, there is an identity protection service by “Experian ID” up for grabs, and Freddie Mac is covering the costs for two years. Secondly, you can do a couple of things to protect yourself from fraud, so calling “1.800.373.3343” or “877.990.9332” and asking for more information or tips on what to do would also be a good idea. Generally, keep an eye on your credit reports and bank statements and treat incoming messages with particular suspicion.