Fannie, Freddie not affected by Deloitte breach, GSEs say

Fannie Mae and Freddie Mac were not affected by a hacking incident in September against the accounting giant Deloitte, the companies said Tuesday, after a British newspaper alleged a server containing emails from government agencies was compromised.

Fannie, Freddie and Deloitte all denied that the government-sponsored enterprises had any data compromised in a cybersecurity breach announced on Sept. 25.

"We are not aware of any impact to Fannie Mae data or systems due to the [Deloitte] incident," said Fannie spokesman Pete Bakel. "We are working with Deloitte to assess the situation and continue to monitor closely.”

Freddie also said it's data was not compromised.

“We are currently not aware of any impact to Freddie Mac as a result of the recent cyber incident," Chad Wandler, a Freddie spokesman, said in an emailed statement. "We are working with Deloitte to understand what happened and what additional safeguards it may be considering. We take cybersecurity seriously as it relates to every aspect of our business.”

The Equifax's data breach last month, in which addresses, driver's licenses and Social Security numbers of more than 145 million consumers was potentially compromised, raised concerns in Congress. Whether that information is being used to exploit consumers is not clear yet.

The Federal Housing Finance Agency, which oversees Fannie and Freddie in conservatorship, declined to comment on the Deloitte hack and instead referred questions directly to the GSEs.

But Director Mel Watt said at a hearing last week that cybersecurity is a top priority for the agency and the enterprises.

"We are doing the same things that everybody is doing in the private sector and in government to try to protect against cybersecurity risk," Watt told members of the House Financial Services Committee. "I think everybody is behind the curve, because the people who are trying to hack are generally one step ahead of us. But we are doing exactly the same things. ... If there is a breach at the enterprises, we know about it instantaneously."

The Guardian quoted unnamed sources who alleged that 350 Deloitte clients had data that was vulnerable because some emails from employees were on a Deloitte server that was compromised. The newspaper listed Fannie and Freddie among various government agencies that were vulnerable, including the U.S. State Department, Defense Department, Department of Homeland Security and the U.S. Postal Service.

The U.K. newspaper also alleged that four global banks, three airlines and big pharmaceutical companies had emails on a Deloitte server that was breached.

Ian McKendry contributed to this article.