Carrington Mortgage Services Breach

  • Published: Jun 25, 2024
  • Last Updated: Jul 09, 2024

Carrington Mortgage Services was founded in 2007 as a subsidiary of Carrington Holding Company LLC, a holding company that provides a wide range of single-family residential real estate services. It is a fully integrated mortgage company with lending and servicing operations that supports investors and borrowers. The company has its headquarters in California, but it is licensed to lend in 48 states, while it services loans in all 50 states of America and Puerto Rico. Carrington Mortgage Services makes annual sales of over $1.2 billion and has employed more than 2,700 persons since inception. The company manages customers' sensitive and financial data, so it is not unexpected that it was targeted for data breach.

Carrington Mortgage Services Breach

Carrington Mortgage Services became a data breach victim in 2023 following a ransomware attack on one of its vendors, Alvaria, Inc. Alvaria, Inc. helps Carrington Mortgage Services with certain outsourced services. It was discovered that Alvaria experienced a data breach involving sensitive personal identifying information in its network belonging to customers of Carrington Mortgage Services. This resulted in the company customers' data being leaked. The hackers responsible for the ransomware attack on Alvaria, Hive Ransomware, accessed certain sensitive data, including Alvaria employees' Social Security Numbers (SSNs). Similarly, Carrington Services customers' account numbers were breached in the ransomware attack. While Carrington was able to restore its backup copies of the data accessed, leaked documents on the dark web revealed the damage had already been done. At least 50,000 individuals were impacted by the data breach.

When Was the Carrington Mortgage Services Data Breach?

The ransomware attack on Alvaria, Inc. that breached Carrington Mortgage Services customers' data was reported to have happened on March 9, 2023. However, according to Alvaria's data breach notice, it experienced a Hive Ransomware assault on November 28, 2022. Afterward, the company commenced an investigation immediately, but not before it secured its network systems and notified relevant authorities, including law enforcement. During Alvaria's investigation, Hive Ransomware released certain data onto its dark web. Even though none of the leaked information on the dark web belonged to Alvaria's employees or customers, one thing was sure - the hack was confirmed to have occurred.

The data breach notice released by Alvaria, Inc. in 2022 did not mention Carrington Mortgage Services, but many say it is uncertain, although possible, that the 2022 and 2023 incidents are disparate. On behalf of Carrington Mortgage Services, Alvaria issued notice of data breach incident letters to customers whose sensitive information may have been compromised on April 26, 2023. 

How to Check If Your Data Was Breached

You can check if your personal or financial data was exposed in the Carrington Mortgage Services data breach by reviewing your accounts. While checking your bank accounts, look out for possible unauthorized charges. Similarly, review your email accounts for any suspicious activities. If there is any, your email was probably leaked during the data breach. 

However, many people whose data were impacted by the Carrington Mortgage Services data breach were contacted by Alvaria, Inc. with notice of data breach letters. You would most likely get one if you were affected. That said, it is better to err on the side of caution by taking further steps to know whether you were affected. For instance, you can look up notices on the company's websites or carefully read emails regarding the incident from the company's official email address. 

What to Do If Your Data Was Breached

If the Carrington Mortgage Services data breach affected you, it is important that you enroll in the complimentary identity monitoring services offered by the company. Acting on behalf of Carrington, Alvaria offered a free 24-month membership of Experian's Identity Works for individuals whose data were exposed in the breach. With this service, you can see what information is associated with your credit file, actively monitor your Experian file for signs of fraud, and enjoy up to $1 million in identity theft insurance, which provides coverage for certain expenses and unauthorized electronic fund transfers.

Updating the passwords on your email and Internet or mobile banking profiles is also recommended if you were affected by the Carrington Mortgage Services data breach. Furthermore, you can ask to place a security freeze on your credit reports, which will restrict any credit reporting agency from disclosing information on your credit report without your approval. To do this, you must submit a written request to each of the three major credit reporting agencies in the United States.

Are There Any Lawsuits Because of the Data Breach?

A class action lawsuit was filed in Massachusetts Federal Court by Pamela Smith in connection with the March 2023 ransomware attack and data breach that affected some Carrington customers. The class action was against Carrington Mortgage Services and its third-party vendor, Alvaria, Inc. On behalf of herself and other plaintiffs, Smith alleges that Carrington and Alvaria did not employ adequate security measures that complied with industry standards to safeguard customers' data.

Furthermore, Carrington Mortgage Services is being accused of not providing its customers with sufficient notice about the incident. The class action also argues that Carrington and Alvaria are guilty of breach of contract, breach of third-party beneficiary contract, and breach of implied contract. While the case status is still pending as of June 2024, the plaintiff is soliciting a jury trial and requesting declaratory and injunctive relief, in addition to an award of damages for self and other class members in the suit.

Can My Carrington Mortgage Services Information Be Used for Identity Theft?

Yes. You are at risk of identity theft if your information was compromised in the Carrington Mortgage Services data breach. The stolen data may be used to commit various crimes, including opening fraudulent financial accounts in your name.

What Can You Do to Protect Yourself Online?

While Carrington Mortgage Services claims to have robust security measures to protect consumers' data from unauthorized access and use, the 2023 data breach emphasizes the need to take responsibility for your data security. The following are some measures you can take to secure your personal and financial information online against cyber attacks:

  • Beware of emails that appear to be from legitimate businesses, especially if they ask you to provide your personal or financial information or install certain software. Never respond to such emails or provide any personal data.
  • Ensure that your computer and mobile devices are up to date with the most recent software patches. In addition, install anti-spyware software and antivirus.
  • It is recommended that you constantly seek to learn about cybersecurity threats and how to protect yourself against them using sites like IDStrong.
  • Avoid using passwords that anyone can easily figure out. Instead, create strong passwords that combine letters (upper and lower case), numbers, and special characters.
  • Enable "failed login" attempt notifications on your online accounts to alert you of potential malicious activity by hackers.
  • Enable multi-factor authentication on your online profiles and for online transactions where available. This creates multiple levels of barriers for hackers to enter.
  • Review your credit reports and statements of accounts regularly and pay rapt attention to suspicious charges. Using a credit monitoring service can help you monitor your credit file and alert you of any changes.

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that much a ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

What You Need to Know about the Delta Dental Data Breach

What You Need to Know about the Delta Dental Data Breach

Delta Dental is a dental insurance provider serving over 90 million Americans. It offers coverage in all 50 states, Puerto Rico, and Washington, D.C. The company was established in 1966 in California as part of the Delta Dental Plans Association.

What You Need to Know about the Hot Topic Data Breach

What You Need to Know about the Hot Topic Data Breach

Hot Topic plays in the fashion, apparel, and shoe industry as a retailer of music-influenced apparel and accessories, such as jeans, tops, belts, dresses, pajamas, sunglasses, jewelry, and tees.

Google Voice Scams: What They Are and How to Stay Safe

Google Voice Scams: What They Are and How to Stay Safe

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close