On August 29, 2023, Sovos Compliance, LLC, a third-party service provider, filed a notice of data breach with the California Attorney General on behalf of RoundPoint Mortgage Servicing, LLC. This data breach incident allowed unauthorized parties access to RoundPoint Mortgage customers’ sensitive information.
The data breach resulted from an observable security lapse in the MOVEit data transfer system utilized by Sovos Compliance. MOVEit is a managed file transfer software produced by Ipswitch, now part of Progress, which specializes in secure information transfer.
Importantly, the RoundPoint Mortgage data breach underscores the evolving landscape of cyber risk management and the persistent vulnerability of companies around the globe. It’s a stark reminder for corporations and law firms about the persistent risks and liabilities in managing sensitive data, particularly when third-party vendors are involved.
Yet, as this case demonstrates, third-party vendors often create an additional layer of risk when managing sensitive client information. The use of managed file transfer systems like MOVEit stands as a critical check in this process. The evident security lapse underscores the importance of continually auditing and verifying the security measures of third-party vendors.
In conclusion, the RoundPoint Mortgage data breach has reaffirmed the importance of due diligence in managing cyber risks. It reiterates the responsibility of every institution to not just monitor their own cyber security, but also to ensure the safety and robustness of systems employed by their third-party vendors who might be entrusted with their client’s sensitive data.
For more detailed coverage, visit JD Supra. All legal professionals working within large corporations and law firms must continue to stay alert to these emerging cyber threats within their industries, and strive for stringent measures to guard against the vulnerabilities inherent within digital data management.