Cyber Attack cyber

Nations Direct Mortgage

Nov 25, 2025 2 min read
Nations Direct Mortgage

In December 2023, Nations Direct Mortgage suffered a targeted cyberattack that exposed sensitive customer data, including names, addresses, phone numbers, email addresses, dates of birth, and Social Security numbers. The breach affected 83,108 individuals, leading to a class action lawsuit alleging inadequate data protection. Compromised data increased risks of identity theft, fraud, and financial losses, prompting the company to settle for $225,000, offering affected individuals credit monitoring, reimbursement for documented losses (up to $2,750), and cash payments for lost time. California residents received an additional $75 statutory payment. The breach highlighted vulnerabilities in handling personally identifiable information (PII), with potential long-term reputational and financial damage to both customers and the company.

Source: https://www.claimdepot.com/settlements/ndm-data-settlement

Nations Direct Mortgage cybersecurity rating report: https://www.rankiteo.com/company/myndm

"id": "MYN5822458112525",
"linkid": "myndm",
"type": "Cyber Attack",
"date": "12/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '83,108',
                        'industry': 'Financial Services',
                        'location': 'United States',
                        'name': 'Nations Direct Mortgage',
                        'type': 'Mortgage Company'}],
 'customer_advisories': ['Eligibility: U.S. residents who received breach '
                         'notice (including California subclass)',
                         'Claim options: Credit monitoring (additional 2 '
                         'years), documented losses (up to $2,750), lost time '
                         '($50), California subclass ($75)',
                         'Claim deadline: January 7, 2026',
                         'Payout methods: PayPal, Venmo, Zelle, virtual '
                         'prepaid card, or paper check',
                         'Required documentation: Unique ID/PIN from notice, '
                         'proof of losses for reimbursement claims'],
 'data_breach': {'data_exfiltration': 'Yes (confirmed in lawsuit)',
                 'number_of_records_exposed': '83,108',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Phone Numbers',
                                                         'Email Addresses',
                                                         'Dates of Birth',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High (includes SSNs)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': 'December 2023',
 'description': 'A targeted cyberattack on Nations Direct Mortgage in December '
                '2023 exposed sensitive customer information, including names, '
                'addresses, phone numbers, email addresses, dates of birth, '
                'and Social Security numbers. The breach led to a class action '
                'lawsuit, resulting in a settlement fund of $225,000 for '
                'affected individuals (83,108 class members). Eligible '
                'claimants can receive credit monitoring services, '
                'reimbursement for documented losses (up to $2,750), lost time '
                'compensation (up to $50), and an additional $75 for '
                'California residents.',
 'impact': {'brand_reputation_impact': 'Significant (led to lawsuit and '
                                       'settlement)',
            'customer_complaints': 'Class action lawsuit filed by 83,108 '
                                   'affected individuals',
            'data_compromised': ['Names',
                                 'Addresses',
                                 'Phone Numbers',
                                 'Email Addresses',
                                 'Dates of Birth',
                                 'Social Security Numbers'],
            'financial_loss': {'attorneys_fees': 'Up to $225,000',
                               'claimant_payouts': 'Up to $2,875 per claimant '
                                                   '(including $75 for '
                                                   'California subclass)',
                               'credit_monitoring_costs': 'To be determined '
                                                          '(based on claims '
                                                          'filed)',
                               'service_awards': '$2,500 each (class '
                                                 'representatives)',
                               'settlement_fund': '$225,000'},
            'identity_theft_risk': 'High (exposed PII including SSNs)',
            'legal_liabilities': 'Class action lawsuit settled for $225,000'},
 'investigation_status': 'Settled (final approval hearing on January 22, 2026)',
 'post_incident_analysis': {'corrective_actions': ['Settlement agreement with '
                                                   'financial compensation and '
                                                   'credit monitoring for '
                                                   'affected individuals'],
                            'root_causes': ['Alleged failure to adequately '
                                            'protect customer data (per '
                                            'lawsuit)']},
 'references': [{'source': 'Class Action Settlement Notice'},
                {'source': 'NDM Data Breach Incident Settlement '
                           'Administrator'}],
 'regulatory_compliance': {'legal_actions': ['Class action lawsuit settled for '
                                             '$225,000']},
 'response': {'communication_strategy': ['Settlement notices sent to affected '
                                         'individuals',
                                         'Online/mail/email claim submission '
                                         'process',
                                         'Public disclosure of settlement '
                                         'terms'],
              'remediation_measures': ['Settlement agreement with affected '
                                       'individuals',
                                       'Offered credit monitoring services '
                                       '(additional 2 years with $1M identity '
                                       'theft insurance)']},
 'stakeholder_advisories': ['Settlement notices sent to 83,108 class members',
                            'Public disclosure of claim process and deadlines'],
 'title': 'Nations Direct Mortgage Data Breach (December 2023)',
 'type': ['Data Breach', 'Class Action Lawsuit']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.