DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Fannie Mae notifies 1,100 of a security breach – but it’s a puzzlement

Posted on November 9, 2011 by Dissent

On October 28, Fannie Mae notified the New Hampshire Attorney General’s Office of a security incident involving personal information of over one thousand individuals.

In their letter, they explain that in mid-October, they became aware that an employee may have been attempting to sell handwritten copies of the financial information of approximately 1,100 people.  The information included, but was not limited to, their names, addresses, dates of birth, Social Security numbers, and credit scores.

Unfortunately, Fannie Mae is not sure when the problematic behavior began, noting that it could be anytime after August 2008.

But where did the personal information come from? What is somewhat puzzling about the incident is that the data involved may not have come  from a Fannie Mae database. As they explain, their databases do not typically include some of the types of information found in the employee’s possession such as driver’s license numbers and financial account information.

To complicate matters even more, some of the individuals whose information was in the possession of the employee had no relationship with Fannie Mae at all, but they are also being notified of the breach.  All those being notified are being offered free credit monitoring.

So as best as Fannie Mae can determine to date, there was no electronic breach of their system and the compromised data may not have even been data they held on individuals.

The letter by Evan Stolove, Fannie Mae’s Vice President and Deputy General Counsel, does not mention whether there is any possibility that the employee might have been misusing someone’s credentials to access Experian or some other credit reporting agency database. It might be helpful to know.

 Update: Well, it took more than two years, but this indictment relates to the breach described above.

 

 

 

Related posts:

  • Former Employee of Fannie Mae Contractor Convicted of Attempting to Destroy Fannie Mae Computer Data
  • (follow-up) Fired Fannie Mae contractor sentenced to 41 mos. for attempting to destroy all data on servers
  • TX: ID Theft Conspiracy Leader Sentenced To 16 Years In Federal Prison And Ordered To Pay $88,131 In Restitution
  • Former federal IT contractor sentenced for disabling Fannie Mae website after his employment terminated
Category: Breach IncidentsFinancial SectorInsiderOf NoteU.S.

Post navigation

← OH: Rash Of ID Thefts Linked To Delaware County Store
Three months after tapes are reported missing, ValueOptions notifies National Elevator Industry subscribers (updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.