How Safe Is Your Personal Data With Mortgage Lenders?

Read Time: 5 minutes

You provide reams of personal and financial information to your mortgage lender when applying for a home loan or refinance. But how safe is this information?

Brian Seibert, president of Michigan First Mortgage in Waterford, Mich., says that lenders need some of your personal information to make sound lending decisions. The days of borrowers sailing through the mortgage process without having to prove their financial health are long gone.

Whether you’re interested in securing a mortgage or getting a refinance, here’s what you need to know about your personal data in the mortgage industry.

Is your data safe when you apply for a mortgage?

Typically, you can trust reputable mortgage lenders to handle your data responsibly. Even small lenders usually handle client information through secure online portals nowadays. But that doesn’t mean you shouldn’t be vigilant.

In the mid-2000s, it wasn’t uncommon for mortgage lenders to have applicants send data such as W2s through unencrypted email attachments. In fact, according to a study by Schaumburg, Illinois-based HALOCK Security Labsmore than 70% of mortgage lenders used to do so. But, times have changed, and best practices dictate that lenders and applicants transfer this information through secure-only portals or other methods of encrypted communication.

Additionally, there are federal protections to ensure you know what data is being collected and how it being used by your lender. The federal Gramm-Leach-Bliley Act says that financial institutions must notify consumers of how much or little of their financial information they share with third parties.

Ask your lender about their safeguards and policy

Make sure to do your due diligence by figuring out exactly how your mortgage lender handles your data and their policies surrounding sharing data with third parties. You should also speak to your loan officer for more details.

You’ll want to be confident that their online portals or other methods of document transfer are secure. The industry standard is usually bank-level encryption. You’ll also want to see who they share their data with. It’s not uncommon for them to share some data, and in many cases, it’s necessary—your lender has to provide your basic personal information to one of the three credit bureaus to receive your credit report when you apply, for example.

Can your information be sold?

Mortgage lenders and other financial institutions might be able to sell your information, but what they can do is limited by the Gramm-Leach-Billey Act.

When you apply for a mortgage loan, the Gramm-Leach-Billey act requires that lenders provide you a document stating exactly what they do with your personal information and if they share it with others.

This document should state why your lender shares your information, whether it’s to help third parties perform the services they need to help your lender close your loan, or to help your lender identify financial products that might interest you, or to help third parties do the same.

The act also requires lenders to give you options to opt-out, so you can be confident that your data doesn’t fall into third-party hands.

How to minimize risk when applying

Even if you have the option to send your documents (such as W2s and bank information) through email, request an option to share this information through a secure channel. It may be tempting to go with the easier option, but cybercriminals are able to access emails a lot easier than secure portals.

If that’s not an option, see if you can mail your documents to lenders or drop them off in person.

Additionally, the document you receive from your lender describing what they do with your information should list a phone number, website or mailing address that you can access to tell your lender that you don’t want them to share your personal information for marketing or promotional purposes. You should be able to check options that, for example, forbid your lender from sharing information about your credit score with their affiliated credit-card branches.

Make sure to request this paperwork and to ask your lender to explain how it shares your personal information before you close your mortgage.

To minimize your risk, here are some other tips:

  • Use strong passwords: Ensure that your online accounts, especially those related to your mortgage application, have strong, unique passwords. Use a combination of letters, numbers, and symbols, and avoid easily guessable information like birthdays or names.
  • Enable two-factor authentication (2FA): Whenever possible, enable two-factor authentication for your online accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
  • Shred physical documents after use: If you’re submitting physical documents, shred unnecessary paperwork with personal information before disposal. This helps prevent identity theft through dumpster diving.
  • Regularly monitor your accounts: Keep a close eye on your bank accounts, credit cards, and other financial accounts. Set up account alerts for any suspicious activities or transactions. Early detection can help minimize potential damage.
  • Secure Wi-Fi connection: Ensure that your home Wi-Fi network is password-protected and uses encryption (WPA3 is recommended). Avoid using public Wi-Fi networks for any sensitive transactions or communications.

Is it safe to give a bank statement to a mortgage company?

It’s safe to give a bank statement to a reputable mortgage company through encrypted methods of communications, such as a secure online portal requiring a password. A mortgage company will usually ask you for bank statements to ensure you have a consistent stream of income and to check your monthly expenses.

It’s not safe to send bank statements through unencrypted emails, as unauthorized third parties could take advantage and intercept or view the files.

Do mortgage companies sell your information?

Mortgage companies usually won’t sell your information, but credit bureaus will receive your information and may sell your profile as a “lead.”

If you’re sending your information to a mortgage company, they’re usually far enough along in the process that they want to be your mortgage provider, so they wouldn’t want to give your information away to potential competitors.

Additionally, you have the right to see what information your lender is sharing with third parties, and you can also opt-out, according to the Gramm-Leach-Bliley Act.

Note that your lender likely won’t sell your data, but it’s more likely that they sell your mortgage. This is a common practice amongst lenders in which they sell your mortgage to be serviced and owned by another lender, called the secondary mortgage market. Nothing about your mortgage terms will change, but it can be alarming.

Kirk Haverkamp

Kirk Haverkamp is an award-winning reporter and editor with more than 25 years of experience in journalism and public relations. He has contributed to, Investopedia, and MetroMode online magazines, among other work. He has a B.A. in English from Hope College and a Master’s Degree in journalism from Michigan State University.

See How Much Home You Can Afford

Start Here

Connect with a lender to help determine your homebuying budget.