Posted On January 20, 2022 Consumer Privacy & Data Breaches
January 20, 2022 – In recent news, the mortgage lending company, LendUS, LLC announced that it experienced a data-security event impacting the personal information of more than 12,000 individuals. Last year, LendUS, LLC learned that several of the company’s employee’s email accounts had been compromised. While the details of how an unauthorized party gained access to the employees’ email accounts have not yet been released, through a subsequent investigation, the company determined that the names and Social Security numbers of thousands of customers were contained in various emails and attachments.
A data breach occurs when a hacker or other criminal actor secretly gains access to sensitive consumer information maintained on a company’s servers. Often, hackers target organizations they know to rely on outdated or otherwise inadequate data-security measures. Hackers will often personally use the information obtained through a cyberattack to commit identity theft. However, it is also common for a hacker to sell the data to the highest bidder.
Victims of a data breach are at an increased risk of identity theft, although they may not immediately notice suspicious activity. However, given the risks, it is imperative that affected parties take all necessary steps to protect themselves from identity theft and other potentially significant financial losses.
Anyone in receipt of a LendUS, LLC data breach letter has good reason to be concerned. Recently, the number of identity theft crimes has drastically increased. In many instances, the information needed to steal another’s identity was obtained through a data breach such as this one.
Companies have an obligation to protect consumer data, and if evidence emerges that LendUS, LLC mishandled your data leading up to the data breach, you may be eligible for financial compensation through a data breach lawsuit.
When you applied for a loan through LendUS, LLC, you provided the company with your personal information. In doing so, you trusted that the company would take your privacy seriously. Certainly, you assumed that they would take whatever steps were necessary to prevent your sensitive financial and personal identifying information from ending up in the hands of a criminal. However, the LendUS, LLC data breach raises serious questions about the company’s data security measures in place at the time of the breach.
All businesses—including LendUS, LLC—have an ethical and legal duty to protect consumers’ personal, identifying, financial and health information in their possession. While developing a robust and up-to-date data-security system comes at an additional expense, this is merely a cost of doing business in an environment where cyberattacks are common. If a company fails to protect consumers’ sensitive information, it may be liable through a data breach class action lawsuit. Of course, data breach laws are complex, news of this data breach is very recent, and, unsurprisingly, there is not yet any evidence that LendUS, LLC was negligent in how it handled consumer data. However, our data breach lawyers are actively investigating the breach to determine what legal remedies, if any, affected parties have against LendUS, LLC
If you have questions about your ability to bring a class action lawsuit against LendUS, LLC, it is important that you reach out to a data breach attorney as soon as possible.
If you receive a data breach notification from LendUS, LLC in the mail, it means that an unauthorized person may have accessed, viewed, and retained your sensitive personal information. While there is no telling why someone sought out your information and what they might do with it, given the risks involved, it is important you give the situation the attention it deserves.
Below are a few things you can do to protect yourself from identity theft and the other possible financial risks a data breach of this type presents:
LendUS, LLC is a mortgage company based in Alamo, California. The company is the result of a merger between two other mortgage lending firms, RPM Mortgage and American Eagle Mortgage. LendUS, LLC markets itself as an “ultra-attentive” servicer and provides a range of residential mortgage products.
According to the most recently available data, LendUS, LLC has approximately 720 employees across and generates about $80 million in sales.
According to the most recent news release issued by LendUS, LLC, in early 2021, the company became aware of unusual activity on several employees’ email accounts. In response, LendUS, LLC secured the affected email accounts and initiated an investigation. The investigation revealed that an unauthorized party accessed certain email accounts at various times between February 2, 2021 and March 22, 2021. While LendUS, LLC was not able to determine which emails or attachments were accessed, the company determined that the email accounts contained the names and Social Security numbers of 12,205 individuals.
LendUS, LLC notes that there is no indication that the unauthorized party used or intends to use any of the data obtained. On January 19, the company began sending out data breach notifications to all affected parties, informing them of the breach and what they can do to protect themselves.
Below is a copy of the initial data breach letter issued by LendUS, LLC (the actual notice sent to consumers can be found here):
Dear [Consumer],
LendUS, LLC (“LendUS”) understands the importance of protecting the personal information we maintain. I am writing to notify you of an incident that involved some of your personal information. This notice explains the incident, measures we have taken, and some steps you may consider taking in response.
We completed an investigation into unauthorized access to some LendUS employee email accounts. Upon first learning of the activity, we immediately took steps to secure the email accounts and began an investigation with the assistance of a cybersecurity firm. The investigation determined that an unauthorized person accessed certain accounts at various times between February 2, 2021 and March 22, 2021. The investigation was not able to determine whether any emails or attachments in the accounts were accessed or downloaded by the unauthorized individual; however, we were not able to rule out that possibility. Out of an abundance of caution, we reviewed the emails and attachments that could have been accessed or downloaded and, on December 21, 2021, determined that an email or attachment contained your <<Data Elements>>.
We wanted to make you aware of this incident and assure you that we take it very seriously. We encourage you to remain vigilant by reviewing your account statements and credit reports for any unauthorized activity. If you see charges or activity you did not authorize, please contact the relevant financial institution or credit bureau immediately. As an added precaution, we are offering you a complimentary one-year membership with Equifax CompleteTM Premier, including credit monitoring and fraud alerts. For more information on identity theft prevention and Equifax CompleteTM Premier, including instructions on how to activate your complimentary one-year membership, please see the pages following this letter.
Your confidence and trust are important to us, and we regret any inconvenience or concern this incident may cause. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further enhance the security of our computer systems and are providing additional security awareness training for our staff. If you have any questions, please call 855-604-1753, Monday through Friday from 6:00 A.M. through 6:00 P.M. Pacific Time.
