PennyMac reports MOVEit related data breach of third party

Sovos Compliance, LLC ("Sovos") reported a data breach on behalf of PennyMac Loan Services, LLC ("PennyMac") which resulted in unauthorized access by a third party to sensitive information belonging to PennyMac's customers.

The data breach affecting PennyMac was caused by the exploitation of MOVEit program used by Sovos, a vendor utilized by PennyMac. As part of its standard operations, Sovos employs a third-party application called MOVEit, developed by Progress Software.

On July 28, 2023, the results of Sovos' investigation confirmed that certain information belonging to PennyMac customers had been compromised due to the exploitation of the vulnerability in Sovos' instance of MOVEit. It is important to note that this incident did not involve unauthorized access to PennyMac's internal systems.

Upon discovering that sensitive consumer data had been accessed by an unauthorized party, PennyMac Loan Services conducted a comprehensive review of the compromised files to determine the nature of the information that had been exposed and to identify the affected consumers.

No details are provided about the number of affected individuals nor the types of data exposed in the breach

On August 28, 2023, Sovos Compliance, acting on behalf of PennyMac, initiated the distribution of data breach notification letters to all customers impacted by this recent data security incident. These notification letters are intended to provide affected individuals with a comprehensive list of the specific information pertaining to them that had been compromised.