Countrywide Mortgage Identity Theft: We Can’t Find the Crime

We haven’t been able to determine to what degree the identify theft letters from mortgage companies are legit. But thanks to an astute reader ‘fotonique,’ we’ve discovered what might be the source of the letters being sent out from other mortgage companies, including ABN-AMRO.

It seems a DHL courier lost a data tape filled with customer information, although it was quickly recovered. (Have a gander at the Google News stories, if you like.) So in that case, it is reasonable—laudable, even—for the mortgage company to send out a letter to its customers warning of the potential identity theft. In the letter to ABN-AMRO customers, the site is referenced. is owned by TransUnion.

What we haven’t been able to determine is why Countrywide Mortgage is sending out letters, since they are owned are offering a credit protection service from Experian, a rival credit agency. Could it be that Experian is taking advantage of the TransUnion data tape theft to push its identify theft protection services? And if their customer data was also on that DHL tape, why would they blame the security infraction on one of their own employees, as stated in the letter?

It’s all very confusing—but not wholly as confusing as why any customer should have to pay a company extra money to guarantee their identity is not stolen from the corporations who hold the customer’s information.

Thanks again to ‘fotonique,’ who did all the initial research legwork on this one.


Edit Your Comment

  1. billhelm says:

    I was suprised to “learn” that countrywide was owned by credit bureau company Experian in one of your stories today. I don’t believe this to be the case. I did a little bit of research, looking up their company profiles and found no mention of either.

    Also, I find the claims in that story of mortgage companies claiming data breaches to get more people to sign up for their credit protection programs to be rather dubious. There likely was a data breach involving an employee. The breadth of customer notification is probably more of the issue than anything else. Companies involved with these breaches have increased the scope of the notifications, and are probably extending these to customers whose data was not breached, but at risk.

    Ultimately, these letters are not something a company wants to send out, as they do pose a risk to the reputation of the firm.

    These sorts of data breaches occur more often then we hear about. Mortgage companies on the up and up send these kinds of letters to customers and the offer of a free year of credit protection is standard practice at a lot of firms.

    A common practice in the mortgage industry is sub-servicing (aka private label servicing) in which a lender will take on loan servicing operations for other lenders, but do so under the name of the original lender. All correspondence and any phone calls will make it appear as if it is the original lender, when really the sub-servicer is handling the loan. It is not easy for the end customer to distinguish this type of operation (and this is actually done by design).

    Countrywide is involved in this type of operation. It’s completely possible that they are subservicing the “other company’s” loans which could explain why the same data breach impacted two seemingly independing organizations and why a similar boilerplate letter was used.

    Countrywide even has a site for this type of operation:

    I think you’re beating a dead horse here.

  2. Joel Johnson says:

    Yup. We were quite wrong on that one, so we made a change to our story. Our mistake.

  3. cenoxo says:

    To clarify things a bit, CountryWide CreditGuard has the following small print at the bottom of their home page:

    Countrywide CreditGuardTM is jointly offered by Inc., an Experian company, and LandSafe Credit, Inc., an affiliate of Countrywide Home Loans, Inc. Experian® is a leading national credit reporting agency with offices worldwide.

    And, sometimes the magic works, but don’t blame us if it doesn’t:

    CreditGuard is a useful resource in protecting credit standing but does not guarantee the prevention of credit fraud or identity theft.

    The Federal Trade Commission is a good starting point about protecting yourself against identity theft.