On March 18, 2022, CMG Financial discovered that an unauthorized party may have gained access to certain customers’ personal and financial information, including their Social Security numbers. On March 30, 2022, CMG Financial began sending out data breach notification letters to those affected by the incident.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. More about what you can do if your data was stolen is available in our prior blog post, “A Guide For Victims of a Data Breach”.
We have obtained a copy of the initial data breach letter issued by CMG Mortgage, Inc:
We are writing to inform you of an information security incident that may involve certain personal information you provided to CMG Mortgage Inc. (“CMG” or the “Company”). We are providing this notice as a precaution to inform potentially affected individuals about the incident and to call your attention to some steps you can take to help protect yourself. Please be assured that we have taken reasonable steps to address the incident.
On March 18th, 2022 the Company became aware of a potential unauthorized access of personal information on a small subset of customers. The personal information involved in the incident is commonly included in the application of a loan and may have included your name, address, date of birth, Social Security number, driver’s license number, bank account number, and loan application number. Based on our investigation, it appears you were one of the individuals whose information could be affected by this incident. Please note, at this time, we are not aware of any fraud or misuse of your information as a result of this incident.
We take the privacy of personal information seriously and deeply regret that this incident occurred. We took steps to address the incident promptly after it was discovered, including rebuilding and segmenting affected system and initiating an internal investigation. We regularly take steps to strengthen the security environment of our systems to protect customer data. For example, we are implementing additional layers of protection designed to help prevent unauthorized access in the future and to enhance the security of our systems including implementing multi-factor authentication, further segmenting CMG’s internal network and systems, and upgrading CMG’s document management system.
What we are doing to protect your information
To help protect your identity, we are offering a complimentary 24-month membership of Experian’s® IdentityWorksSM. While identity restoration assistance is immediately available to you, we also encourage you to activate the fraud detection tools available through Experian IdentityWorks as a complimentary two-year membership. This product provides you superior identity detection and resolution of identity theft. To activate your membership & start monitoring your personal information please follow the steps below:
- Ensure that you enroll by: [enrollment end date] (Your code will not work after this date.)
- Visit the Experian IdentityWorks website to enroll: [URL]
- Provide your activation code: [code]
If you have questions about the product, need assistance with identity restoration or would like an alternative to enrolling in Experian IdentityWorks online, please contact Experian’s customer care team at [service number] by [enrollment end date]. Be prepared to provide engagement number as proof of eligibility for the identity restoration services by Experian.
ADDITIONAL DETAILS REGARDING YOUR 24-MONTH EXPERIAN IDENTITYWORKS MEMBERSHIP: A credit card is not required for enrollment in Experian IdentityWorks.
You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:
- Experian credit report at signup: See what information is associated with your credit file. Daily credit reports are available for online members only.1
- Credit Monitoring: Actively monitors Experian, Equifax and Transunion files for indicators of fraud.
- Identity Restoration: Identity Restoration specialists are immediately available to help you address credit and non-credit related fraud.
- Experian IdentityWorks ExtendCARE: You receive the same high-level of Identity Restoration support even after your Experian IdentityWorks membership has expired.
- Up to $1 Million Identity Theft Insurance: Provides coverage for certain costs and unauthorized electronic fund transfers.
If you believe there was fraudulent use of your information and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent at [customer service number]. If, after discussing your situation with an agent, it is determined that Identity Restoration support is needed, then an Experian Identity Restoration agent is available to work with you to investigate and resolve each incident of fraud that occurred (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).
Please note that this Identity Restoration support is available to you for 24 months from the date of this letter and does not require any action on your part at this time. The Terms and Conditions for this offer are located at www.ExperianIDWorks.com/restoration. You will also find self-help tips and information about identity protection at this site.
We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have questions or concerns regarding this matter, please do not hesitate to contact us at [Phone Number] between the hours of 9 AM to 5 PM Eastern time, Monday through Friday or via email at [name]@cmgfi.com. Again, we sincerely regret any concern this incident may cause.