ICE Mortgage Technology's Encompass loan origination system went down following a global technology outage. By Friday afternoon, many parts of the mortgage software provider's system were restored, a company representative said.
The industry tech provider said that the disruption was related to the
Data and Document Automation software was also affected
The earliest visible update for a technical issue with Encompass, DDA and ICE's Velocify software was posted at 1:45am PDT Friday. About 12 hours later, Velocify systems were operating normally.
A spokesperson for ICE shared with National Mortgage News a message the company initially sent to customers, which explained the company's markets, exchanges, fixed income and data services remained fully operational as they worked to restore other services.
Mortgage lenders contacted by National Mortgage News have not said whether they've been impacted by the incident, or confirmed whether they are customers of the widely used cybersecurity service. A buggy update by the Microsoft-owned CrowdStrike led to
The Department of Housing and Urban Development said this morning it experienced issues with user logins and applications, and the Federal Housing Administration was working on a resolution. It did not say whether the issue was related to CrowdStrike, and did not return a request for comment.
The
Michael Nouguier, director of cybersecurity services at Richey May, said the company began receiving calls from independent mortgage banks this morning about disruptions.
"Their security teams, when something's not working, they come to us to make sure that they're not experiencing a security incident," he said. "And what we're able to do is identify this is a CrowdStrike issue at a third party in these cases."
Fannie Mae was not impacted by the CrowdStrike outage but "is actively monitoring for any impacts on our technology partners and business counterparties," a representative said.
CrowdStrike said the single content update, for which it has deployed a fix, impacted Windows hosts and did not affect Mac and Linux systems. It said the incident was not a cyberattack.
"We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption," the company said in a statement with technical details
Mortgage companies haven't publicly reported effects from the outage. Banks have experienced some outages according to updates on
Cybersecurity experts commented on the practice of automatic updating, where many companies have appeared to have been hurt by CrowdStrike. Carlos Aguilar Melchor, chief scientist of cybersecurity at tech firm SandboxAQ, said companies "cannot accept with blind trust" software updates or cybersecurity practices.
"Every company should implement observability in their software systems right away to monitor these high-impact platforms and prevent these catastrophes," he said in an emailed comment.
The Federal Cybersecurity and Infrastructure Agency posted a notice about the incident Friday, stating it has observed threat actors "taking advantage of this incident for phishing and other malicious activity."
That warning comes amid heightened dangers for mortgage companies, which are already
"Half the world is down today," he said. "This may not have been an issue of an automatic update, as much as it is an issue of just implicit trust in our vendors to do things right."
