Union Home Mortgage (UHM) suffered a June 2024 cyberattack that exposed personally identifiable information (PII), including Social Security numbers, of tens of thousands of customers (e.g., 24,160 in Texas alone). The breach stemmed from unencrypted data on UHM’s network, leading to five class-action lawsuits alleging negligence in safeguarding sensitive information. Victims report suspicious activity (spam calls, credit score drops) and claim UHM delayed notifications, leaving data vulnerable for months. While UHM offered 12 months of free credit monitoring, plaintiffs argue this is insufficient given long-term identity theft risks. The company acknowledged the incident in August, stating that there was no evidence of misuse yet, but it faces accusations of breach of implied contract and unjust enrichment. The attack underscores systemic failures in data protection, with UHM’s rapid expansion (e.g., recent acquisitions) potentially overshadowing cybersecurity priorities.
TPRM report: https://www.rankiteo.com/company/unionhomemortgage
{
  "id": "uni5402554093025",
  "linkid": "unionhomemortgage",
  "type": "Breach",
  "date": "6/2024",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '24,166+ (24,160 in Texas, 6 in '
'Massachusetts; total '
'unspecified)',
'industry': 'Financial Services (Housing Finance)',
'location': 'Strongsville, Ohio, USA',
'name': 'Union Home Mortgage (UHM)',
'size': '$7.6B+ annual origination volume (2023), 200+ '
'branch locations',
'type': 'Mortgage Lender/Servicer'}],
'customer_advisories': ['Notices sent to affected individuals (timing '
'disputed in lawsuits)'],
'data_breach': {'data_encryption': 'No (plaintiff alleges PII was unencrypted '
'on UHM’s network)',
'data_exfiltration': 'Likely (PII in hands of cybercriminals '
'per lawsuits)',
'number_of_records_exposed': '24,166+ (partial count; Texas: '
'24,160, Massachusetts: 6)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Potentially other '
'PII (unspecified)'],
'sensitivity_of_data': 'High (SSNs, PII)',
'type_of_data_compromised': ['PII',
'Social Security Numbers']},
'date_detected': '2024-06-25',
'date_publicly_disclosed': '2024-08-01',
'description': 'Union Home Mortgage (UHM) suffered a cybersecurity incident '
'in June 2024 that exposed the personally identifiable '
'information (PII) of tens of thousands of customers, '
'including Social Security numbers. The breach led to multiple '
'class-action lawsuits alleging negligence in data protection, '
'delayed notification, and inadequate remediation measures. '
'UHM disclosed the incident in August 2024 and offered '
'affected consumers one year of complimentary credit '
'monitoring and identity theft protection services. Plaintiffs '
'report increased suspicious activity, such as spam calls and '
'credit score declines, post-breach.',
'impact': {'brand_reputation_impact': 'Negative (multiple lawsuits, public '
'disclosure of negligence allegations)',
'customer_complaints': ['Increased spam calls/messages',
'Unexplained credit score declines',
'Class-action lawsuits (5 filed)'],
'data_compromised': ['Personally Identifiable Information (PII)',
'Social Security Numbers'],
'identity_theft_risk': 'High (PII exposed, including SSNs; '
'plaintiffs report suspicious activity)',
'legal_liabilities': ['5 class-action lawsuits (negligence, unjust '
'enrichment, breach of implied contract)',
'Potential regulatory fines']},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely (plaintiffs allege '
'PII was in '
"cybercriminals' hands for "
'months)',
'high_value_targets': ['Customer PII databases']},
'investigation_status': 'Ongoing (digital forensics investigation launched; '
'no public root cause announced)',
'post_incident_analysis': {'corrective_actions': ['Enhanced security measures '
'(unspecified)',
'Credit monitoring for '
'victims']},
'recommendations': ['Implement stronger encryption for stored PII',
'Improve incident detection and response times',
'Extend credit monitoring beyond 12 months or auto-enroll '
'affected customers',
'Enhance transparency in breach disclosures (e.g., total '
'victim count, root cause)'],
'references': [{'source': 'National Mortgage News'},
{'source': 'Union Home Mortgage Public Statement (August '
'2024)'},
{'source': 'Texas State AG Data Breach Notice'},
{'source': 'Massachusetts State AG Data Breach Notice'},
{'source': 'Class-Action Complaint (Jacqueline Washington v. '
'Union Home Mortgage)'}],
'regulatory_compliance': {'legal_actions': ['5 class-action lawsuits filed '
'(Ohio federal court)'],
'regulatory_notifications': ['State attorneys '
'general offices '
'notified (Texas, '
'Massachusetts, others '
'implied)']},
'response': {'communication_strategy': ['Public disclosure in August 2024',
'Notices to state attorneys general',
'Customer notifications (delayed, per '
'lawsuits)'],
'enhanced_monitoring': "Yes (implied by 'enhanced security "
"measures')",
'incident_response_plan_activated': 'Yes (investigation launched '
'with digital forensics '
'experts)',
'law_enforcement_notified': 'Yes (authorities notified; state AG '
'offices disclosed)',
'recovery_measures': ['12 months of complimentary credit '
'monitoring and identity theft protection '
'for affected consumers'],
'remediation_measures': ['Enhanced security measures '
'(unspecified)'],
'third_party_assistance': 'Yes (digital forensics experts '
'engaged)'},
'stakeholder_advisories': ['Public statement apologizing for inconvenience',
'Credit monitoring offers'],
'title': 'Union Home Mortgage Data Breach (June 2024)',
'type': ['Data Breach', 'Unauthorized Access']}