How Safe Is Your Personal Data With Mortgage Lenders?

Written by Kirk Haverkamp

Updated January 4, 2024

House on a trend line graph
Read Time: 5 minutes

Table of Contents

You provide reams of personal and financial information to your mortgage lender when applying for a home loan or refinance. But how safe is this information?

Brian Seibert, president of Michigan First Mortgage in Waterford, Mich., says that lenders need some of your personal information to make sound lending decisions. The days of borrowers sailing through the mortgage process without having to prove their financial health are long gone.

Whether you’re interested in securing a mortgage or getting a refinance, here’s what you need to know about your personal data in the mortgage industry.

» MORE: Compare top mortgage refinancing lenders

Is your data safe when you apply for a mortgage?

Typically, you can trust reputable mortgage lenders to handle your data responsibly. Even small lenders usually handle client information through secure online portals nowadays. But that doesn’t mean you shouldn’t be vigilant.

In the mid-2000s, it wasn’t uncommon for mortgage lenders to have applicants send data such as W2s through unencrypted email attachments. In fact, according to a study by Schaumburg, Illinois-based HALOCK Security Labsmore than 70% of mortgage lenders used to do so. But, times have changed, and best practices dictate that lenders and applicants transfer this information through secure-only portals or other methods of encrypted communication.

Additionally, there are federal protections to ensure you know what data is being collected and how it being used by your lender. The federal Gramm-Leach-Bliley Act says that financial institutions must notify consumers of how much or little of their financial information they share with third parties.

Ask your lender about their safeguards and policy

Make sure to do your due diligence by figuring out exactly how your mortgage lender handles your data and their policies surrounding sharing data with third parties. You should also speak to your loan officer for more details.

You’ll want to be confident that their online portals or other methods of document transfer are secure. The industry standard is usually bank-level encryption. You’ll also want to see who they share their data with. It’s not uncommon for them to share some data, and in many cases, it’s necessary—your lender has to provide your basic personal information to one of the three credit bureaus to receive your credit report when you apply, for example.

Can your information be sold?

Mortgage lenders and other financial institutions might be able to sell your information, but what they can do is limited by the Gramm-Leach-Billey Act.

When you apply for a mortgage loan, the Gramm-Leach-Billey act requires that lenders provide you a document stating exactly what they do with your personal information and if they share it with others.

This document should state why your lender shares your information, whether it’s to help third parties perform the services they need to help your lender close your loan, or to help your lender identify financial products that might interest you, or to help third parties do the same.

The act also requires lenders to give you options to opt-out, so you can be confident that your data doesn’t fall into third-party hands.

» MORE: Check your 2024 home refinance eligibility

How to minimize risk when applying

Even if you have the option to send your documents (such as W2s and bank information) through email, request an option to share this information through a secure channel. It may be tempting to go with the easier option, but cybercriminals are able to access emails a lot easier than secure portals.

If that’s not an option, see if you can mail your documents to lenders or drop them off in person.

Additionally, the document you receive from your lender describing what they do with your information should list a phone number, website or mailing address that you can access to tell your lender that you don’t want them to share your personal information for marketing or promotional purposes. You should be able to check options that, for example, forbid your lender from sharing information about your credit score with their affiliated credit-card branches.

Make sure to request this paperwork and to ask your lender to explain how it shares your personal information before you close your mortgage.

To minimize your risk, here are some other tips:

  • Use strong passwords: Ensure that your online accounts, especially those related to your mortgage application, have strong, unique passwords. Use a combination of letters, numbers, and symbols, and avoid easily guessable information like birthdays or names.
  • Enable two-factor authentication (2FA): Whenever possible, enable two-factor authentication for your online accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
  • Shred physical documents after use: If you’re submitting physical documents, shred unnecessary paperwork with personal information before disposal. This helps prevent identity theft through dumpster diving.
  • Regularly monitor your accounts: Keep a close eye on your bank accounts, credit cards, and other financial accounts. Set up account alerts for any suspicious activities or transactions. Early detection can help minimize potential damage.
  • Secure Wi-Fi connection: Ensure that your home Wi-Fi network is password-protected and uses encryption (WPA3 is recommended). Avoid using public Wi-Fi networks for any sensitive transactions or communications.

» MORE: See today’s refinance rates

Is it safe to give a bank statement to a mortgage company?

It’s safe to give a bank statement to a reputable mortgage company through encrypted methods of communications, such as a secure online portal requiring a password. A mortgage company will usually ask you for bank statements to ensure you have a consistent stream of income and to check your monthly expenses.

It’s not safe to send bank statements through unencrypted emails, as unauthorized third parties could take advantage and intercept or view the files.

» MORE: Find competitive mortgage rates near you

Do mortgage companies sell your information?

Mortgage companies usually won’t sell your information, but credit bureaus will receive your information and may sell your profile as a “lead.”

If you’re sending your information to a mortgage company, they’re usually far enough along in the process that they want to be your mortgage provider, so they wouldn’t want to give your information away to potential competitors.

Additionally, you have the right to see what information your lender is sharing with third parties, and you can also opt-out, according to the Gramm-Leach-Bliley Act.

Note that your lender likely won’t sell your data, but it’s more likely that they sell your mortgage. This is a common practice amongst lenders in which they sell your mortgage to be serviced and owned by another lender, called the secondary mortgage market. Nothing about your mortgage terms will change, but it can be alarming.

Kirk Haverkamp

Kirk Haverkamp is the editor and chief staff writer of Refi.com. An award-winning reporter and editor with more than 25 years experience in journalism and public relations, his background includes covering community affairs for the Romeo (Mich.) Observer newspaper and writing about natural resources issues for the Great Lakes Commission in Ann Arbor, Mich. before joining Refi.com. He’s also a contributor to Credit.com, Investopedia and the MetroMode online magazine chain, among other work. He has a B.A. in English from Hope College and a Master’s Degree in journalism from Michigan State University.

Current Mortgage Rates

Current Home Equity Rates

Current Auto Rates

Compare Rates and Save on Your Mortgage Loan

See Today's Rates

Refi.com is a property of Three Creeks Media, LLC. Neither Refi.com nor Three Creeks Media are associated with or endorsed by the U.S. Departments of Defense or Veterans Affairs. The content on Refi.com is produced by Three Creeks Media, its partners, affiliates and contractors, any opinions or statements on Refi.com should not be attributed to the Dept. of Veterans Affairs , the Dept. of Defense or any governmental entity. If you have questions about Veteran programs offered through or by the Dept. of Veterans Affairs, please visit their website at va.gov. The content offered on Refi.com is for general informational purposes only and may not be relevant to any consumer’s specific situation, this content should not be construed as legal or financial advice. If you have questions of a specific nature consider consulting a financial professional, accountant or attorney to discuss. References to third-party products, rates and offers may change without notice.

Advertising Notice: Refi.com and Three Creeks Media, its parent and affiliate companies, may receive compensation through advertising placements on Refi.com. For any rankings or lists on this site, Refi.com may receive compensation from the companies being ranked; however, this compensation does not affect how, where, and in what order products and companies appear in the rankings and lists. If a ranking or list has a company noted to be a “partner” the indicated company is a corporate affiliate of Refi.com. No tables, rankings, or lists are fully comprehensive and do not include all companies or available products.

Editorial Disclosure: Editorial content on Refi.com may include opinions. Any opinions are those of the author alone, and not those of an advertiser to the site nor of Refi.com.

Information from your device can be used to personalize your ad experience.