PHH Data Breach Exposes Employee Information

WASHINGTON — A temporary worker for PHH Corp. potentially gained access to employees' personal information, including Social Security numbers and dates of birth, according to a letter from the company's chief executive.

In a letter posted on the California Department of Justice's website, Glen Messina, the $9.3 billion-asset mortgage servicer's president and chief executive, wrote that the company learned on April 3 that the former employee was indicted and is cooperating with an investigation.

The servicer has sent the letter to former and existing employees of the company, cautioning them of the data breach. The company did not disclose how many letters were sent, but it had roughly 6,700 employees at the end of 2012, according to its annual report.

Messina said that the servicer had no evidence the temporary worker misused the data based on their own investigation, but they offered identity protection services through a company called AllClear ID until Nov. 15, 2014. The company also acknowledged it could improve its own policies that allow temporary workers access to so much information.

"We take our obligation to safeguard your personal information very seriously," Messina wrote to employees. "We continue to take steps to help prevent this type of incident from reoccurring, including enhancing some of our policies surrounding temporary employees and access to data."

A call to the company was not immediately returned.

PHH is one of the largest mortgage servicers in the country and had a $182 billion loan servicing portfolio at March 31.

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER