As part of its ongoing efforts to protect the integrity of its systems and technology, the Federal Housing Administration published Mortgagee Letter 2024-10 to implement new procedures for reporting cyber-attacks.
Effective immediately, FHA-approved mortgagees that experience a potential or actual cyber incident must notify HUD via the FHA Resource Center at answers@hud.gov and HUD’s Security Operations Center at cirt@hud.gov within 12 hours of detection with the required information as outlined in the ML.
Once notified of an incident, representatives from HUD will contact the designated representative from the institution reporting the incident to determine the appropriate mitigation steps based on the nature of the incident.