24
Jun
pencil

Cenlar Vendor Exela Experiences Cyber Incident

We want to make you aware that Exela, our lockbox/check processing vendor, has experienced a cyber incident. Out of an abundance of caution, Exela immediately shut down operations, leading to a 3-day backlog in processing. We expect processing to resume tomorrow, with the backlog completely resolved by Monday, June 27.

Cenlar itself was not attacked, and based on the information provided by Exela, no homeowner data has been compromised at this time. Exela’s ongoing investigation is being headed by a forensics/cyber response team, with Cenlar receiving periodic updates from the vendor.

In conjunction with our third-party Security Operations Center (SOC), Cenlar’s cybersecurity analysts scanned our networks, and found no evidence of compromise in our systems. Cenlar’s security team, SOC and in-place cyber defenses will continue to monitor for malware and respond per our standards and playbooks.

We’ve been advised that Exela is making progress, and more than half of its operations have been restored to date. All payments will be effective dated to reflect the date of receipt when processing resumes. No credit reporting or late fees will be assessed to the impacted payments. In addition, HELOC statements will be held and delivered once all payments are processed and properly validated.

Our team is in close contact with Exela, and the information provided above is the most up-to-date and complete at this time. We will advise you as soon as we have new information to share.

We thank you for your patience as we continue to work to obtain more information from Exela.