AnnieMac Home Mortgage Data Breach Affects 171,074 People

American Neighborhood Mortgage Acceptance Company, LLC (AnnieMac Home Mortgage), a nationwide mortgage loan provider, recently experienced a significant data breach. The breach occurred between August 21, 2024, and August 23, 2024, when an unauthorized actor gained access to AnnieMac’s systems. During this time, the actor viewed and/or copied sensitive files from the company’s network.

The breach was discovered on October 15, 2024, during routine monitoring when suspicious activity was detected on certain systems. Following an investigation with third-party forensic specialists, AnnieMac confirmed that the compromised files contained the personal information of 171,074 individuals across the United States.

The types of consumer information exposed in the breach include:

• Names
• Social Security numbers
• Driver's license numbers
• Financial account information
• Payment card information
• Medical information
• Health insurance information

The breach impacted individuals nationwide, with specific numbers reported for certain states:

• Texas: 7,013 individuals
• Maine: 1,313 individuals
• South Carolina: 6,218 individuals

AnnieMac disclosed the breach to the South Carolina Attorney General's office on November 15, 2024. You can read the full disclosure on the South Carolina Attorney General's website. Additional details are also available on the Maine Attorney General's website, the Massachusetts Attorney General's website, the California Attorney General's website, and the Texas Attorney General's website.

The company began notifying affected individuals via U.S. mail on November 14, 2024.

AnnieMac's Response

In response to the breach, AnnieMac took immediate action to secure its systems and prevent further unauthorized access. The company:

1. Secured the affected systems and confirmed the integrity of its broader network.
2. Launched a comprehensive investigation with the help of third-party forensic experts to determine the scope of the breach.
3. Conducted an extensive review of the compromised files to identify impacted individuals and their contact information.
4. Notified federal and state regulators, including attorneys general in affected states.

To assist affected individuals, AnnieMac is offering complimentary credit monitoring and identity theft protection services through CyEx for a period of 12 months. These services include features such as credit monitoring, dark web monitoring, address change alerts, and up to $1 million in identity theft insurance.

What the reader should do if they are affected by the data breach

If you believe you were affected by this data breach, it is important to take proactive steps to protect your personal information. Here’s what you should do:

1. Enroll in the free credit monitoring services offered by AnnieMac. Instructions for enrollment were included in the mailed notice. Be sure to enroll before the stated deadline.
2. Monitor your financial accounts for any unauthorized transactions. Review your bank and credit card statements regularly.
3. Check your credit reports for suspicious activity. You are entitled to one free credit report annually from each of the three major credit bureaus (Equifax, Experian, and TransUnion) at Annual Credit Report.
4. Consider placing a fraud alert or credit freeze on your credit file. A fraud alert makes it harder for identity thieves to open accounts in your name, while a credit freeze restricts access to your credit report.
5. Be cautious of phishing attempts. Scammers may use this breach as an opportunity to impersonate AnnieMac or other legitimate entities. Do not click on suspicious links or provide personal information over the phone or email.
6. Report any signs of identity theft to the Federal Trade Commission (FTC) at IdentityTheft.gov and file a police report if necessary.

For additional assistance, you can contact AnnieMac’s dedicated assistance line at 1-888-458-5616, available Monday through Friday from 9:00 AM to 9:00 PM Eastern Time.