Mortgage Bankers Association

The Mortgage Bankers Association (MBA) suffered a data breach caused by malicious code injected into its online store website. The breach was discovered on January 7, 2021, but the unauthorized acquisition of customer payment card information occurred between August 4, 2020, and September 4, 2020. The incident impacted 771 individuals, including three Maine residents whose data was compromised. The breach involved the theft of financial details, specifically payment card data, which falls under sensitive customer information. While the exact method of exploitation (e.g., skimming, supply-chain attack) was not detailed, the injection of malicious code suggests a targeted cyber intrusion aimed at harvesting transactional data. The delayed detection (nearly five months after the breach period) raises concerns about the organization’s monitoring and response capabilities. The exposed data could lead to fraudulent transactions, identity theft, or financial losses for affected customers, though no immediate reports of misuse were mentioned in the disclosure.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/92751411-f924-4267-8bd8-7c589707fc73.shtml

TPRM report: https://www.rankiteo.com/company/mortgage-bankers-association

"id": "mor527082125",
"linkid": "mortgage-bankers-association",
"type": "Breach",
"date": "8/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 771,
                        'industry': 'Financial Services (Mortgage Banking)',
                        'location': 'United States (including 3 residents in '
                                    'Maine)',
                        'name': 'Mortgage Bankers Association (MBA)',
                        'type': 'Non-Profit Trade Association'}],
 'attack_vector': 'Website Compromise (Malicious Code Injection)',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 771,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Payment Card Information']},
 'date_detected': '2021-01-07',
 'date_publicly_disclosed': '2021-01-08',
 'description': 'The Maine Office of the Attorney General reported that the '
                'Mortgage Bankers Association (MBA) experienced a data breach '
                'due to malicious code injected into its store website. The '
                'breach involved unauthorized acquisition of customer payment '
                'card information between August 4, 2020, and September 4, '
                '2020, affecting 771 individuals overall, including three '
                'Maine residents. The breach was discovered on January 7, '
                '2021, and reported on January 8, 2021.',
 'impact': {'data_compromised': ['Payment Card Information'],
            'identity_theft_risk': 'High (Payment Card Information)',
            'payment_information_risk': 'High',
            'systems_affected': ['Store Website']},
 'initial_access_broker': {'entry_point': 'Store Website (Malicious Code '
                                          'Injection)',
                           'high_value_targets': ['Payment Card Data']},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': 'Public Disclosure via Maine Office of '
                                        'the Attorney General'},
 'title': 'Mortgage Bankers Association (MBA) Data Breach via Malicious Code '
          'Injection',
 'type': 'Data Breach (Malicious Code Injection)'}