Green Tree Services is mailing breach notification letters that begin:
I am writing to explain a recent security incident that may involve your personal information. Green Tree Servicing LLC (“Green Tree”) has learned that personal information relating to some customers may have been accessible in a security incident involving potential unauthorized access to certain computer applications residing on servers operated on behalf of Green Tree. The personal information that may have been accessible in the incident includes your name, Social Security number or other personal information included on mortgage forms. We wanted to reach out to inform you of what we are doing to protect you and what you can do to protect yourself.
How do they define “recent?”
According to the metadata on the breach that they provided to the California Attorney General’s Office, the breach occurred on September 17, 2013 and was discovered on August 1, 2014.
So what took them so long to discover the breach, and then why did it take them another 10 more months to begin sending notifications?