In This Article
Between October 2023 and October 2025, cyberattacks against mortgage lenders exposed the personal data of over 47 million Americans. Mr. Cooper lost 14.7 million customer records. LoanDepot lost 16.9 million. Settlement costs alone exceeded $86.6 million.
Those numbers represent borrowers who trusted their mortgage company with Social Security numbers, bank account details, and financial histories. Every breach breaks that trust. And once broken, trust does not come back easily.
For mortgage companies competing on service and reputation, cybersecurity is no longer an IT line item. It is a trust signal that borrowers, warehouse lenders, and regulators all evaluate before doing business with you.
The Mortgage Breach Epidemic
The mortgage industry has been hit harder than most financial services sectors in the last two years. Here is what the data shows:
| Incident | Date | Records/Data Lost | Cost/Impact |
|---|---|---|---|
| Mr. Cooper | Oct 2023 | 14.7M customer records | $25M+ response costs |
| LoanDepot | Jan 2024 | 16.9M records (ransomware) | $86.6M settlement |
| McLean Mortgage | Oct 2024 | 1TB — loans, payroll, tax files | Black Basta ransomware |
| SitusAMC | Nov 2024 | Vendor breach (JPM, Citi, MS) | Multi-bank exposure |
| Union Home Mortgage | Jun 2025 | SSNs, addresses, passports | 2+ month notification delay |
| Marquis Software | Aug 2025 | 700+ FI customers exposed | Ransom paid, OFAC risk |
The common thread is not sophisticated attacks. Most of these breaches exploited stolen credentials, unpatched systems, or weak access controls. Basic security hygiene would have prevented or limited the damage in every case. For a detailed look at how continual monitoring catches these gaps before attackers do, see our companion article.
Why Cybersecurity Is Now a Trust Signal
Borrowers choosing a mortgage company evaluate rates, service speed, and reputation. Cybersecurity sits underneath all three. A breach disrupts operations, delays closings, and destroys the reputation you spent years building.
Three audiences now evaluate your security posture directly:
Borrowers
A 2025 TransUnion survey found that 29% of consumers in 18 countries reported financial losses due to fraud, averaging $1,747 per incident. Borrowers are paying attention. Companies that can demonstrate strong data protection win the trust comparison.
Warehouse Lenders and Partners
Correspondent and warehouse partners increasingly request security documentation before extending credit lines. Your Microsoft Secure Score, MFA enrollment rate, and incident response plan are all part of that evaluation.
Regulators
The FTC Safeguards Rule requires mortgage lenders to maintain a written information security program, designate a Qualified Individual, enforce MFA, and report breaches affecting 500+ consumers within 30 days. Non-compliance fines run up to $100,000 per violation. The NYDFS levied a $2 million penalty in 2025 for Part 500 violations and can fine up to $250,000 per day for ongoing non-compliance.
The Trust Equation Has Changed
Before 2023, a mortgage company's cybersecurity posture was invisible to borrowers. After 47 million records leaked across five major breaches, security is now a visible trust signal. Borrowers, partners, and insurers all ask the same question: "Can you prove your data is protected?"
Building Trust With Guardian Security Insights
Guardian Security Insights from ABT helps mortgage companies build demonstrable trust through four capabilities:
Visible Security Posture. Guardian tracks your Microsoft Secure Score across Identity, Devices, Apps, and Data. A score trending from 40% to 90% is a trust signal you can share with partners, insurers, and auditors. It is proof that your security program works.
Proactive Vulnerability Management. Guardian flags stale accounts, MFA gaps, and unmanaged devices before they become attack vectors. The mortgage breaches of 2023-2025 exploited exactly these weaknesses. Closing them proactively is the difference between prevention and crisis response.
Automated Compliance Documentation. Guardian generates the reports that FTC examiners, auditors, and insurance underwriters request. Compliance prep that used to consume 20 hours per week shrinks to automated delivery. One mortgage company client cut audit preparation time by 50%.
Executive-Ready Reporting. Board members and C-suite leaders receive clear dashboards showing security progress, risk reduction, and compliance status. No technical translation needed. This transparency builds internal confidence and enables faster decision-making.
How Does Your Security Posture Compare?
The average mortgage company Secure Score that ABT encounters on first assessment is below 40%. Where does yours stand?
Get Your Security GradeCybersecurity as Competitive Advantage
Most mortgage companies treat cybersecurity as a cost center. The ones winning market share treat it as a differentiator.
For every dollar not spent on prevention, mortgage companies pay $10 to $50 in breach response costs. Mr. Cooper's breach alone cost $25 million in direct response.
- Attract security-conscious borrowers. When borrowers compare lenders, the company that can articulate its data protection approach wins trust. ABT serves 750+ financial institutions with this approach.
- Strengthen partner relationships. Warehouse lenders extend larger credit lines to partners with documented security programs. A strong Secure Score is financial leverage.
- Lower insurance costs. Cyber insurance premiums correlate directly with security posture. Higher scores mean lower premiums. That saving flows straight to the bottom line.
- Avoid the breach nightmare. The IBM 2025 Cost of a Data Breach Report puts the global average at 241 days to detect and contain a breach. Continual monitoring shrinks that window to hours. For a breakdown of how hidden IT complexity drives up breach costs, see our cost analysis.
Your Trust-Building Action Plan
- Check your Secure Score today. In ABT's experience across 750+ financial institutions, scores below 60% typically indicate significant control gaps that borrowers, partners, and regulators will surface.
- Enforce 100% MFA. The FTC Safeguards Rule requires it. Your cyber insurer expects it. Every mortgage breach in the last two years involved credential-based access that MFA would have blocked.
- Clean up stale accounts. Every inactive account is an open door. ABT recommends a 90-day inactivity threshold as a baseline. Disable stale accounts and reclaim the licenses.
- Document your security program. The FTC requires a written information security plan. Having one is the minimum. Having one that produces measurable results is the differentiator.
- Make security visible. Share your Secure Score improvement with partners. Include security posture in your marketing. Borrowers trust companies that are transparent about protection.
Frequently Asked Questions
Borrowers share Social Security numbers, bank account details, and financial histories during the mortgage process. A data breach exposes that information and triggers customer churn rates of 18-25% in financial services. A 2025 TransUnion survey found 29% of consumers reported fraud losses averaging $1,747 per incident. Companies that demonstrate strong data protection through visible security metrics build trust that directly influences borrower decisions.
The FTC Safeguards Rule requires mortgage lenders to maintain a written information security program, designate a Qualified Individual to oversee it, conduct periodic written risk assessments, implement MFA for system access, encrypt customer data in transit and at rest, perform annual penetration testing, and report breaches affecting 500 or more consumers within 30 days. Non-compliance can result in fines up to $100,000 per violation.
Recent mortgage breaches have been exceptionally costly. Mr. Cooper's October 2023 breach cost at least $25 million in response. LoanDepot's January 2024 breach led to a $86.6 million settlement. The Marquis Software breach in August 2025 impacted over 700 financial institutions through a single vendor compromise. The industry pattern shows that for every dollar not invested in prevention, mortgage companies pay $10 to $50 in breach response costs.
Yes. Cybersecurity is becoming a competitive differentiator in mortgage lending. Warehouse lenders evaluate security posture before extending credit lines. Borrowers compare data protection practices when choosing lenders. Cyber insurance premiums drop with higher security scores. Companies that can demonstrate a strong Microsoft Secure Score and documented security program attract partners, retain borrowers, and reduce operating costs.
Start Building Trust Through Stronger Security
Trust is the foundation of mortgage lending. Every borrower who shares financial data with your company is making a trust decision. Guardian Security Insights from ABT gives mortgage companies the tools to earn that trust and prove it — to borrowers, partners, regulators, and insurers.
Get Your Security Grade Talk to a Mortgage IT Specialist
.webp)