On March 18, 2021 a Fairway third-party (print/email) vendor erroneously sent emails to incorrect email addresses impacting a small amount of Fairway customers. These emails advised customers their loans will continue to be serviced by Fairway until further notice (Notice of Transfer Rescission).
Two unique scenarios occurred as a result of this incident:
• Scenario #1: Notice of Transfer Rescission emails were sent to an incorrect email address but successfully retrieved from the incorrect recipient (pulled back and link disabled)
• No customer data was compromised in this scenario
• Scenario #2: Notice of Transfer Rescission emails were sent to an incorrect email address and were opened and viewed by the unintended recipient
• Compromised information includes first and last names, current addresses and loan numbers in this scenario
There are two versions of the notification letter sent to customers as a result of these occurrences – one for each scenario described above – advising what occurred, what information may have been compromised, and what Fairway is doing to assist. Copies of these letters are attached to this newsflash.
Fairway is offering a complimentary five-year membership to Experian’s IdentityWorks service to each impacted customer. Both versions of the letter provide details of this service and how customers enroll. Customers must contact Experian’s IdentityWorks directly to sign up for this credit monitoring service.
Incident Response Recap:
• Letters of explanation (two versions) were mailed to impacted customers on April 29, 2021
• Fairway is offering five (5) years of credit monitoring service through Experian IdentityWorks
• Customers are directed to call the Interim Servicing Call Center with questions (800-201-7544)
• Interim Servicing will contact the Fairway Privacy Response Team who will return calls to impacted customers to provide specific details and assist customers in enrolling in the Experian IdentityWorks credit monitoring – scroll down for details, talking points and procedures
Call Handling Tips: The goals for Customer Experience team members to achieve during these calls include:
• Listen intently, express empathy and de-escalate upset customers
• Reassure customers the letter received is a legitimate communication outreach from Fairway
• Inform customers of the five-years of complimentary credit monitoring Fairway is offering through Experian’s IdentityWorks service
• Obtain valid contact information and the best time of day for Fairway’s Privacy Response team to return calls to customers who request specific details and/or assistance enrolling in the IdentityWorks service
Call Scripting: Shown below is a script to use when speaking with customers impacted by this operational incident:
"The letter you received is a legitimate and valid communication from Fairway Independent Mortgage Corporation. We are informing you of an operational incident impacting your personably identifying information We recognize this situation can be concerning and are offering important safeguards to provide you with key protections and important information you need. We sincerely apologize for any frustration or inconvenience this matter has caused.
Fairway is offering you an option to sign up for five years of complimentary credit monitoring – paid for by Fairway – through a service called IdentityWorks offered through Experian. The letter you received provides you the web address to enroll in Experian IdentityWorks and a unique activation code assigned specifically to you. Please review the information contained in this letter regarding details of the program, and you must enroll in IdentityWorks by July 31, 2021 using the activation code provided.
Fairway has a dedicated Privacy Response Team consisting of subject matter experts available to answer detailed questions you may have regarding this matter. They are also available to assist you with enrollment in the Experian IdentityWorks credit monitoring program.
Would you like for me to request an expert from our Privacy Response Team to call you?”
“Great. Please provide me your contact phone number and the best time for our Privacy Response Team to return your call?”
[Obtain information from customer and repeat information back to customer to confirm accuracy]
“Thank you for providing this information. I am forwarding this request to the Privacy Response Team now, and you will receive a return phone call within the next 24 hours.
Please be advised that most of Fairway’s employees are working remote at this time, and the caller identification on the returned call from our Privacy Response Team may not display the name of Fairway Independent Mortgage Corporation.
If they reach your voicemail, they will provide their name and a direct phone number for you to call them back.”
“Ok, and thank you. Please thoroughly read through the letter you received – if you have not already done so – as there are phone numbers and websites for additional resources you may find beneficial.
Fairway is committed to providing you the best assistance during this time, and please do not hesitate to call us back if you would like a Privacy Response Team specialist to further assist you.”
[Complete the call using established call flow procedures]
Procedure to Request a Customer Call Back from Fairway’s Privacy Response Team:
Fairway’s Privacy Response Team will return calls and speak with customers who have specific questions, request more details, or need assistance enrolling in the Experian IdentityWorks credit monitoring program.
Customers will receive a return call within 24 hours. Follow the applicable procedure listed below for requests received in the Call Centers and requests received in Servicing911:
Call Center, Customer Emails, and Online Chats through FairwayNEXT:
Obtain the following pieces of information:
• Customer's name
• Loan number
• Preferred call back phone number
• Preferred best time for the Privacy Response Team to return the call
Email this information to: DW Schabbing, Danyell Williams and Debbie Kinnard
• Subject line: "Privacy Breach Callback - Loan Number _________"
• Body of email: Include customer contact information obtained for the callback
• Send email and inform customer they will receive a call back within 24 hours
• Document the Memos/Notes regarding the inquiry and a callback was requested
Reassign all tickets relating to this Fairway Privacy Breach to Tia Farmer.
• Tia will log and track detail on each loan and request a return call from the Privacy Response Team to the customer/loan officer
• The Privacy Response Team will inform loan officers when requested customer callbacks are complete
Please contact your supervisor or manager if you have any questions.