Saturday, February 8, 2025

Cyber Criminals Hacked Major U.S. Mortgage Company Computer Servers to Steal Sensitive Data – FBI


A team of four hackers residing in San Diego infiltrated the mortgage company's computer servers to steal sensitive data between 2011 and 2014.

The stolen information included loan application information from thousands of customers, such as Social Security numbers, addresses, dates of birth, and driver’s license numbers, which the group used for various malicious activities.


Hackers Used Fuzzing Technique

John Baden, the chief hacker and one of the masterminds of this hacking group, compromised the mortgage companies using a well-known, common hacking technique called fuzzing.

Fuzzing overloads a web server with massive amounts of data, which can lead the server to reveal security loopholes.

In this case, “Once Baden had access to victims’ information, he and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, went to work. Fernandez—the group’s ringleader—identified multiple victims’ brokerage accounts and took control of them by calling the companies and providing the victims’ personal information to change passwords and contact information.”

25,000 Compromised Victims

Later, they would transfer funds from the victims' accounts to an account controlled by the hackers, sometimes transferring up to $30,000.

A spokesperson from the FBI said victims stretched from California to Florida, and one individual lost nearly $1 million in the scheme.

In this case, more than 25,000 victims were compromised by these hackers, and the FBI believes the number could be higher than expected; it is impossible to calculate, since there was so much retail fraud over such a long period of time.

“Investigators worked backward from the mortgage company, eventually identifying the hack—and the hackers. By that time, Baden was hiding in Mexico. In 2014, he was named to the San Diego FBI’s Most Wanted Cyber Fugitives list, and the reward offered in the case eventually led to his capture in Mexico, Christopherson said.”

According to the FBI, all four hackers pleaded guilty to their roles in the fraud scheme. In 2015, Baden was sentenced federally to nine years in prison. In January 2018, Fernandez was sentenced to more than 10 years in prison. Bailey received a sentence of more than five years, and in February 2018, Nava was the last subject to be sentenced, to 44 months in prison.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
