An investigation by Halock Security Labs of 63 U.S. large and small mortgage lenders found that 45 of the lenders allowed applicants to send personal and financial information over email, putting the applicants at risk for having their information stolen, Halock said.
"Oftentimes it was easier to have my clients send documents like W-2's through email because everyone has access to an email account," one former mortgage lender told Halock anonymously. "Most of us [lenders] didn't want to take the time to explain what a secure portal was and how to use it. Everyone understands what email is."
Graham Cluley, publisher of Graham Cluley Security News, said email is not as secure as most people think.
"Email by its very nature is insecure: 99.9 percent of it is sent unencrypted," said Cluley. "If it was invented today, no one would use it. Emailing unencrypted documents 'in the clear' creates a potential chain of issues."
"Any type of weak link in a system involving sensitive information exposes people to unnecessary risk," said Terry Kurzynski, senior partner at Halock. "It takes months to recover from an identity theft and minutes to log into a secure portal. Do the math."