Churchill Mortgage Corporation Data Breach Compromises Social Security Numbers and Financial Account Information | Console and Associates, PC

Tennessee-based residential mortgage company Churchill Mortgage Corporation recently filed a formal data breach notice. According to the company’s official filing, the breach resulted from an unauthorized party gaining access to an employee’s email account. Churchill Mortgage reports that some people’s names, social security numbers, and financial account numbers were accessible to the unauthorized party. On April 12, 2022, Churchill Mortgage sent data breach notification letters to individuals whose information was affected by the breach.

If Churchill Mortgage Corp. sends you a data breach letter, your sensitive information was part of that included in the compromised email account. Therefore, a malicious cybercriminal may have your personal information in their possession. To learn more about how to protect yourself against fraud or identity theft and what legal options are available to you following the Churchill Mortgage data breach, see our recent blog post. here.

What led to the Churchill data breach?

The recent data breach at Churchill happened because an unauthorized party gained access to the email accounts of one of the company’s employees. The company does not state when it first noticed the unauthorized activity. However, in its official documents, Churchill Mortgage explains that it concluded its investigation into the incident on February 10, 2022, confirming that the unauthorized user had access to names, financial account information and social security numbers. of some people.

How do hackers gain access to employee email accounts?

To be clear, Churchill Mortgage does not elaborate on the details that led to the breach. However, email cyberattacks can occur in several ways. Often when an unauthorized user orchestrates a data breach by obtaining the email credentials of employees, the attack involves an email phishing attack.

Phishing attacks rely on social engineering to trick someone into providing information or downloading malware. These social engineering attacks involve sending a fraudulent message disguised as a legitimate message in the hopes of tricking the recipient into revealing sensitive information or installing malware on their device.

Information obtained through a successful email phishing campaign is often used to commit fraud or identity theft against the owner of the information. So, while a company is often seen as a “victim” of a phishing attack, the real victims are those whose information is stolen in these cyberattacks.

How common are phishing attacks?

Phishing email attacks are very common and are one of the leading causes of data breaches. According to a 2021 study, employees in the United States receive an average of 14 malicious emails per year. Some workers, like those in the retail industry, receive 49 malicious emails a year. These attacks are well-designed and appear to come from trusted sources. So much so that 86% of companies had at least one employee who clicked on a phishing link in 2021.

Given the frequency of phishing attacks, businesses are aware of the threat posed by phishing attacks and should take appropriate steps to educate their employees and strengthen their data security measures. In fact, many companies have recently started requiring their employees to take special courses designed to help them identify phishing attacks. However, there are also back-end data security measures that organizations can use to reduce the number of phishing emails reaching employee inboxes.

About Churchill Mortgage Corporation

Founded in 1992, Churchill Mortgage Corporation is a mortgage company based in Brentwood, Tennessee. The company offers residential customers a wide range of mortgage options for home buyers as well as those looking to refinance their current home. Churchill Mortgage Corporation is licensed to underwrite mortgages in 49 states. Churchill Mortgage Corp. has more than 800 employees and generates approximately $574 million in revenue each year.

Luisa D. Fuller