Back on March 20, United Shore Financial Services, LLC notified the New Hampshire Attorney General’s Office that they had experienced an intrusion into a server containing mortgage applicants’ names, contact information, dates of birth, drivers’ license numbers, Social Security numbers, and financial information. The letter did not specify whether the server was their own server or that of a vendor. USFS learned of the breach on January 31 and retained forensic consultants who determined that the breach likely occurred on December 2, 2012. In addressing the breach of the undiclosed number of clients’ information, USFS reported that they hardened their security and offered those affected a year of free credit monitoring.
Now on August 15, Shore Mortgage, a division of USFS, notified the California Attorney General that an unnamed vendor’s server had been attacked beginning on June 2. The server contained clients’ information (the same types described above). As in the USFS incident, there was no evidence at of the time of the notification that anyone’s information had been misused. In her letter dated August 21 to those affected, Erin Castro, VP of Shore Mortgage, offered those affected one year of free credit monitoring and noted that the firm had strengthened their security by requiring the vendor to retrain its employees to follow its own security protocols as well as additional security requirements Shore imposed on the vendor. Shore also “implemented numerous protocols and additional monitoring procedures.”
From the two notices, it is not clear whether both incidents involved the same vendor, or whether the first incident involved a different vendor or no vendor. Shore Mortgage has not replied to an e-mail inquiry sent yesterday that raised that question as well as requesting additional details such as the number of their clients who were notified of the June breach.