Close desktop login portal

Client Login

Select one of the portals below and login with your credentials

Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Contact Us

Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Contact Us

Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Mobile menu toggle
Back to menuBack to menu
Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Employment Documents

Testing4321

Mortgage

Third-Party Vendors Continue To Be a Big Risk: Millions of Mortgage Documents Leaked Online

Articles by: Richey May, Jan 25, 2019

Independent security researcher Bob Diachenko recently announced his discovery of nearly 24 million financial and banking documents that had been leaked to the internet. A misconfigured database hosted by OpticsML, a software development firm that claims to have developed machine learning for residential mortgage lending, appears to be the source of the leak. The platform was designed to extract data from a variety of mortgage documents and aid in automating the indexing of that data with the goal of reducing the human labor element by 80%.

A recent report from cybersecurity firm CyberGRX found that in 2018, 63% of all data breaches had been linked back to third parties with direct access to the impacted firm’s data and/or technology resources. As the costs associated with data breaches continue to climb, increasing nearly 36% year-over-year, organizations should be focusing on ensuring that their third-party vendors and service providers have robust cybersecurity controls in place.

Third-party vendor and service provider risk is a cornerstone element for regulators, as both state and federal regulators require that firms validate the cybersecurity posture of their third-party vendors. The Consumer Financial Protection Bureau requires any covered entity to have a formally-documented risk management program in place for all high-risk and/or critical service providers. States such as Arizona, Colorado, Alabama, and New York all enacted new requirements in 2018 for lenders and financial services companies to validate that reasonable cybersecurity controls are in place with third-party service providers.

What is reasonable can vary based on the size of the organization as well as the type of data that the vendor has access to. But there are a number of critical items lenders should expect, including:

  • Encryption of data in transit
  • Encryption of data at rest
  • Robust access controls over the data
  • Multi-factor authentication for remote access
  • External third-party testing and reviews

This recent incident impacts nearly 46,000 loans that were originated by some of the largest US banks, including Wells Fargo, Citigroup, Capital One, as well as the Department of Housing and Urban Development. It only serves as an example of why third-party vendor risk is critical for all lenders, regardless of size. Companies need to ensure that the vendors they are doing business with are being good stewards of their customers’ information  ̶  especially since the lenders ultimately own the liability.