[Update 1: Deloitte confirms Fannie Mae and Freddie Mac were not impacted by this incident.]
Mortgage finance giants Fannie Mae and Freddie Mac faced the prospect of becoming victims of the recent Deloitte hack revealed at the end of September.
The scope of the hack, and how much it impacts the government-sponsored enterprises, is still very unclear.
Fannie Mae, for its part, said it is unaware of any impact this reported breach may have on its business operations.
According to new information on the hack in an article from The Guardian by Nick Hopkins, the cyber attack was far more widespread than the firm admits, with data from as many as 350 clients in the compromised system.
The Guardian has established that a host of clients had material that was made vulnerable by the hack, including:
• The US departments of state, energy, homeland security and defence.
• The US Postal Service.
• The National Institutes of Health.
• “Fannie Mae” and “Freddie Mac”, the housing giants that fund and guarantee mortgages in the US.
It does not appear the hackers targeted any information concerning Fannie Mae and Freddie Mac, according to developments provided to HousingWire by Deloitte. The multinational consulting, auditing and advisory firm originally said the hack impacted six clients, and that it was confident it knew where the hackers had been.
More from the article:
It said it believed the attack on its systems, which began a year ago, was now over.
However, sources who have spoken to the Guardian, on condition of anonymity, say the company red-flagged, and has been reviewing, a cache of emails and attachments that may have been compromised from a host of other entities.
The Guardian has been given the names of more than 30 blue-chip businesses whose data was vulnerable to attack, with sources saying the list “is far from exhaustive”.
Deloitte did not deny any of these clients had information in the system that was the target of the hack, but it said none of the companies or government departments had been “impacted”. It said “the number of email messages targeted by the attacker was a small fraction of those stored on the platform”.
While it’s unclear what the hackers took, they had access to emails, usernames, passwords, IP addresses, architectural diagrams for businesses and health information, the article noted.
“Fannie Mae is aware of the Deloitte cybersecurity incident initially announced on Monday, September 25. At this time, we are not aware of any impact to Fannie Mae data or systems due to the incident. We are working with Deloitte to assess the situation and continue to monitor closely,” a Fannie Mae spokesperson stated.
In response to the article, a Freddie Mac spokesperson said, “We are currently not aware of any impact to Freddie Mac as a result of the recent cyber incident. We are monitoring the situation closely, and we are working with Deloitte to understand what happened and what additional safeguards it may be considering. We take cybersecurity seriously as it relates to every aspect of our business.”
Unfortunately, this is far from the first security threat to the housing finance industry. The industry and consumers are still dealing with the impact of the massive Equifax breach that exposed the personal information of 145.5 million consumers.
Security experts have continuously cautioned that it’s not a matter of if but when an attack will happen. The housing industry is no exception to this threat, and thinking otherwise is the wrong approach, experts warn.
Rather than focus on preventing breaches, Michael Harris, chief marketing officer for Guidance Software, has advised that companies should be judged on how effectively they respond to a cyber attack.