The servers that were accessed contained Shore Mortgage customers' information, including names, contact information, birthdates, driver's license numbers, Social Security numbers and/or financial account information.
While the intrusion appears to have begun on June 2, 2013, Shore Mortgage wasn't made aware of it until August 15, 2013.
"We have ... taken several steps to prevent this incident from reoccurring," Shore Mortgage vice president Erin Castro wrote in the notification letter [PDF]. "We have increased procedural controls over our vendor, including requiring our vendor to retrain its employees on their own security measures, as well as additional security measures Shore requires that they follow. We have also implemented numerous security protocols and additional monitoring procedures."
All those potentially affected are being offered one year of free identity protection through Experian's ProtectMyID Alert service.