Carrington Mortgage Services became the latest victim of a data breach when it was discovered that personally identifiable information (PII) including partial social security numbers of their customers was exposed in a ransomware attack on their third party vendor, Alvaria. While still early in the disclosure phase, at least 4,000 residents of Massachusetts were impacted according to filings to the Attorney Generals office.
Alvaria offers call center software solutions and workflow engagement services and is based in Massachusetts. Carrington Mortgage Services provides residential home mortgage lending services and is a subsidiary of Carrington Holding Company.
It was reported that the attacked occurred March 9 and Carrington was able to restore their backup copies of the data, but according to leaked documents on the dark web, the damage was already done. Once again highlighting the importance of basic third party cyber risk monitoring and due diligence to help mitigate these risks.
Read more at National Mortgage News.
