A massive data breach involving U.S. banks sheds light on the need for encrypted servers in the real estate and mortgage industries
A massive data breach involving U.S. banks sheds light on the need for encrypted servers in the real estate and mortgage industries.
On January 23, more than 24 million mortgage and banking documents, encompassing everything from social security numbers and birth dates to private addresses, were exposed. Documentation was stolen from banks including Citigroup, Wells Fargo and Capital One, and the source of the breach is a Texas-based data and analytics firm called Ascension.
According to Trustifi’s CEO Idan Udi Edry, the causes of data breaches are disturbingly commonplace and liable to happen in Canada, too.
“The source of 69% of attacks today start from simple email,” said Edry. “It can be malware, phishing; it takes a lot of different forms. It’s more important today than ever to encrypt emails because when an individual consumer applies for a mortgage, they’re beginning the process with a realtor and delivering over email proof of income, information like social security, their address, and a lot of realtors happen to use Gmail, which is open source.
“Then, they’re recommended to a loan officer who uses open source emails, like Gmail again, and they hand over more information than they gave to the realtor.”
Most consumers do not realize that, even though they’re handing over sensitive personal information to trusted realtors and loan officers, they’re sending the information worldwide if using unencrypted serves, which exposes them to being defrauded, having their identities stolen, or even having money stolen directly from their bank accounts.
“Firstly, consumers need software to encrypt their emails completely,” said Edry. “Secondly, as a consumer, you should only send sensitive information to an organization that you’ve ensured is using tools to protect data. If I send my information to a realtor, I want to make sure they protect themselves.
“If you’re scanning documents and then emailing them, hitting send is akin to opening your wallet on the street and letting anybody passing by see what’s inside your wallet.”
There are, of course, other ways that sensitive consumer information falls into the hands of unscrupulous actors. Robert Capps, vice president and authentication strategist for NuData Security, has seen his fair share of scams over a 25-year career, and says breaches are becoming increasingly sophisticated. But prevention is easier than most people think.
“What traditional organizations are doing day-to-day to protect against business email compromise is multifaceted: There’s consumer education, and employees are basically taught what business email compromise and phishing looks like,” he said. “They’re taught not to click on attachments, don’t take emails from unknown addresses that ask for really short emergency calls to action.”