The California Office of the Attorney General disclosed a data breach involving TBI Mortgage Company on August 5, 2019. Although no direct system compromise was confirmed, the incident led to identity theft reports where attackers accessed personal information, including names, Social Security numbers, email addresses, and dates of birth of affected individuals. The exposure of such sensitive data poses significant risks, including financial fraud, unauthorized account access, and long-term identity misuse. In response, TBI Mortgage Company offered 12 months of free credit monitoring and identity restoration services to mitigate potential harm. The breach highlights vulnerabilities in data protection, particularly when personally identifiable information (PII) is exposed without immediate detection of a system intrusion. The lack of a confirmed system compromise suggests potential third-party exploitation or insider negligence, though the exact attack vector remains undisclosed. The incident underscores the critical need for robust monitoring and proactive measures to prevent identity theft stemming from unauthorized data access.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-149473
TPRM report: https://www.rankiteo.com/company/toll-brothers-mortgage-company
"id": "tol428082025",
"linkid": "toll-brothers-mortgage-company",
"type": "Breach",
"date": "6/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services (Mortgage)',
'location': 'California, USA',
'name': 'TBI Mortgage Company',
'type': 'Private Company'}],
'customer_advisories': 'Twelve months of free credit monitoring and identity '
'restoration services offered',
'data_breach': {'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'email addresses',
'dates of birth'],
'sensitivity_of_data': 'High (includes SSNs, dates of birth)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2019-08-05',
'description': 'The California Office of the Attorney General reported a data '
'breach notification from TBI Mortgage Company on August 5, '
'2019. While no system compromise was identified, reports of '
'identity theft incidents involving personal information such '
'as names, Social Security numbers, email addresses, and dates '
'of birth were noted. TBI Mortgage Company is offering twelve '
'months of free credit monitoring and identity restoration '
'services to affected individuals.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'identity theft reports',
'data_compromised': ['names',
'Social Security numbers',
'email addresses',
'dates of birth'],
'identity_theft_risk': 'High (reported incidents)'},
'investigation_status': 'No system compromise identified; identity theft '
'incidents reported',
'references': [{'date_accessed': '2019-08-05',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General',
'remediation_measures': 'Offered twelve months of free credit '
'monitoring and identity restoration '
'services to affected individuals'},
'title': 'TBI Mortgage Company Data Breach (2019)',
'type': 'Data Breach'}