LendingTree sues mortgage firms over security breach

Online lender says former employees gave passwords to outside lenders who then access sensitive customer data.

LendingTree on Monday told customers that their sensitive information was leaked in a security breach and that it has sued three lending companies as a result.

LendingTree

Several former employees of LendingTree are believed to have taken company passwords and given them to a handful of lenders who then accessed LendingTree customer data files, the company said.

The data includes customer names, Social Security numbers, addresses, e-mail addresses, telephone numbers, and income and employment information, but not credit card information, LendingTree said in an e-mail to customers and on a frequently-asked-questions page on its Web site.

The outside lenders are believed to have accessed LendingTree customer loan request forms between October 2006 and early 2008. The lenders then tried to market loans to the customers, LendingTree says.

LendingTree's internal security uncovered the security breach and the company quickly reported it to authorities and made several security system changes. A LendingTree spokeswoman declined to say exactly when the breach occurred, when it was discovered, or how many customers were affected.

"We have no reason to believe any identity theft or fraudulent financial activity resulted from this situation," the FAQ says. "You still might want to get a free credit report and file a fraud alert with the credit bureaus. When you get your credit report, look for any accounts you didn't open and/or inquiries from creditors that you didn't initiate."

The e-mail to customers also advises that they have the right to obtain a police report and may also request a security freeze on their credit report file.

As a result of the breach, LendingTree has sued three California lenders: Newport Lending Group and Sage Credit Company, both of Irvine, and Home Loan Consultants of Newport Beach. None of the firms immediately returned calls seeking comment.

LendingTree could also face lawsuits from its customers, as well as sanctions from the U.S. Federal Trade Commission, particularly given the potential for identity theft, according to Brian Cleary, vice president of marketing at Aveksa, an enterprise security governance software company.

"Organizations have an obligation to protect sensitive customer information like this," Cleary said. More than half of the data breaches these days are due to insiders leaking the information, he added.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Nissan gives new Murano bold style (pictures)
Top great space moments in 2014 (pictures)
This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
ZTE's wallet-friendly Grand X (pictures)
Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)
Top-rated reviews of the week (pictures)