Tennessee-based mortgage lender confirms December cyberattack

One of the largest mortgage lenders in the Southeast U.S. said it suffered a cybersecurity incident last month that exposed troves of customer information. 

Tennessee-based Mortgage Investors Group (MIG) did not outline how many customers were impacted by the attack but said they have hired a vendor to identify the affected individuals. The company said it expects to notify those customers directly once the process is completed in several weeks. 

MIG posted a notice to its website explaining that a cyberattack affecting its network infrastructure began on December 11 and was discovered one day later. 

“The investigation revealed that an unauthorized user had gained access to MIG’s computer environment. This unauthorized access resulted in the exposure of sensitive personal information pertaining to a number of individuals,” the company said. MIG has more than 26 branches and about 300,000 customers — securing over $30 billion in closed loans since its founding in 1989. 

MIG warned that those affected likely had their full names and financial information exposed during the cyberattack. The company did not respond to requests for comment about whether the incident was a ransomware attack. 

The attack was claimed over the weekend by the Black Basta ransomware gang — one of the most notorious hacking groups currently operating. 

After the gang attacked a large nonprofit hospital network in the U.S., federal law enforcement agencies warned that the group was targeting 12 of the 16 critical infrastructure sectors and attacked at least 500 organizations globally between April 2022 and May 2024.

Black Basta has previously taken credit for attacks on Dish Network, the American Dental Association and the government of Chile. 

Ransomware gangs have repeatedly targeted financial institutions involved in the housing industry, holding several large companies hostage in recent years. 

Housing purchases were stymied at points over the last two years after recent ransomware attacks on lenders and title insurance firms like Mr. Cooper, LoanDepot, Fidelity National Financial, Nations Direct Mortgage and First American.