The Fulcrumsec group claims to have breached Wonder Rates, Inc., a California-based mortgage brokerage that ranked #5 in the United States in 2022 and processes loan applications across twelve US states. According to the threat actors, the breach was the result of an unsecured cloud storage environment, allowing them to exfiltrate the company’s entire production, development, and staging environments. The exposed data reportedly contains the complete financial identities of an estimated 3,000 to 7,000 American families, alongside proprietary lender integrations and source code. Notably, the threat actors allege that Wonder Rates was using real borrower personally identifiable information (PII) within their development environment.
According to the actor, the allegedly compromised data includes:
-
Full names and dates of birth
-
Social Security Numbers (complete 9 digits)
-
Driver’s licence scans (front and back)
-
W-2 forms and tax withholding details
-
Bank statements and account numbers
-
Employment history and income details
-
Credit card balances and existing mortgage balances
-
Property valuations and loan terms
-
Personal declarations (marital status, bankruptcy history, etc.)
-
Proprietary rate engine source code and deployment configurations
-
Lender integration files and rate sheets (including proprietary configurations for United Wholesale Mortgage)
-
Active production database credentials and AWS access keys
Daily Dark WebRead More
R1
T1
