Academy Mortgage breach exposes 285K people


An attack on Academy Mortgage may have exposed personal details, including the Social Security numbers of customers and employees, the company has revealed.

The US mortgage lender, based in Utah, reached out to thousands of affected individuals about a March 2023 cyberattack. According to the company, attackers may have accessed individuals’ first and last names as well as their Social Security numbers (SSNs).

Losing SSNs poses significant risks, as impersonators can use the stolen data for identity theft.

ADVERTISEMENT

According to information that Academy Mortgage provided to the Maine Attorney’s Office, 284,443 of the company’s current and former employees, together with customers, their spouses, or dependents, may have been impacted by the breach.

The breach notification letter sent to impacted individuals reveals that the attack occurred in late March 2023. The lender detected an issue and engaged “third-party forensic specialists,” to investigate it, concluding the overview in late November 2023.

“To date, we have not received information of a specific misuse of personal information,” Academy Mortgage said.

The company said that it would provide impacted people with credit monitoring services.

Academy Mortgage operates over 200 branches in the US and enjoyed a revenue of $1.6B in 2022.