ICE's Encompass impacted by CrowdStrike incident

ICE Mortgage Technology's Encompass loan origination system went down following a global technology outage. By Friday afternoon, many parts of the mortgage software provider's system were restored, a company representative said.

The industry tech provider said that the disruption was related to the major CrowdStrike incident, but did not confirm or deny if the company itself uses the software. 

Data and Document Automation software was also affected according to the company's status center, but was fully restored before noon PDT. 

The earliest visible update for a technical issue with Encompass, DDA and ICE's Velocify software was posted at 1:45am PDT Friday. About 12 hours later, Velocify systems were operating normally. 

A spokesperson for ICE shared with National Mortgage News a message the company initially sent to customers, which explained the company's markets, exchanges, fixed income and data services remained fully operational as they worked to restore other services. 

Mortgage lenders contacted by National Mortgage News have not said whether they've been impacted by the incident, or confirmed whether they are customers of the widely used cybersecurity service. A buggy update by the Microsoft-owned CrowdStrike led to global disruption, including at hospitals, airlines and financial services. 

The Department of Housing and Urban Development said this morning it experienced issues with user logins and applications, and the Federal Housing Administration was working on a resolution. It did not say whether the issue was related to CrowdStrike, and did not return a request for comment. 

The Nationwide Multistate Licensing System was impacted briefly from the CrowdStrike incident but is up and running, a spokesperson for the Conference of State Bank Supervisors said in a statement Friday.

Michael Nouguier, director of cybersecurity services at Richey May, said the company began receiving calls from independent mortgage banks this morning about disruptions. 

"Their security teams, when something's not working, they come to us to make sure that they're not experiencing a security incident," he said. "And what we're able to do is identify this is a CrowdStrike issue at a third party in these cases."

Fannie Mae was not impacted by the CrowdStrike outage but "is actively monitoring for any impacts on our technology partners and business counterparties," a representative said.

CrowdStrike said the single content update, for which it has deployed a fix, impacted Windows hosts and did not affect Mac and Linux systems. It said the incident was not a cyberattack. 

"We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption," the company said in a statement with technical details on its website.

Mortgage companies haven't publicly reported effects from the outage. Banks have experienced some outages according to updates on Downdetector, a tech company-owned, crowd-sourced reporting site. Some banks have released statements acknowledging no significant impacts, while Visa and Mastercard told American Banker they were unaffected.

Cybersecurity experts commented on the practice of automatic updating, where many companies have appeared to have been hurt by CrowdStrike. Carlos Aguilar Melchor, chief scientist of cybersecurity at tech firm SandboxAQ, said companies "cannot accept with blind trust" software updates or cybersecurity practices. 

"Every company should implement observability in their software systems right away to monitor these high-impact platforms and prevent these catastrophes," he said in an emailed comment. 

The Federal Cybersecurity and Infrastructure Agency posted a notice about the incident Friday, stating it has observed threat actors "taking advantage of this incident for phishing and other malicious activity."

That warning comes amid heightened dangers for mortgage companies, which are already reeling from major attacks in the past year. Nouguier said organizations shouldn't shoulder blame for doing anything wrong. 

"Half the world is down today," he said. "This may not have been an issue of an automatic update, as much as it is an issue of just implicit trust in our vendors to do things right."

Update
This article has been updated to reflect that some elements of Encompass were brought back on line following the disruption in service.
July 19, 2024 3:40 PM EDT
For reprint and licensing requests for this article, click here.
Technology Cyber security Originations Servicing Mortgage technology Industry News
MORE FROM AMERICAN BANKER