Borrowers request consolidation of KeyBank data breach suits

A dozen KeyBank mortgage borrowers whose personally identifiable information was compromised in a hack at an insurance firm this summer are seeking to consolidate their federal class actions suits.

Plaintiffs from six lawsuits accuse the bank and Overby-Seawell Company of negligence, among other counts, for failing to protect their mortgage information and Social Security numbers in a data breach. Their request filed Tuesday is pending before the U.S. Judicial Panel on Multidistrict Litigation. 

The complaints seek an unspecified amount of damages over the breach at OSC, where the full scope of the attack has yet to be disclosed. OSC provides ongoing verification of residents' property insurance coverage, according to data breach disclosures with state attorneys general offices. An unauthorized party gained remote access to OSC's network July 5, exposing data including mortgage and insurance data and the first eight digits of borrowers' Social Security numbers. 

A representative for KeyBank said the company had no comment on pending litigation, and referred to an earlier statement acknowledging the attack and the companies' response. A representative for OSC and the attorney for the consolidation effort didn't respond to messages Wednesday.

KeyBank data breach victims are requesting the cases be centralized in the Western District of Pennsylvania, citing the convenience of the venue for plaintiffs and witnesses. An initial appearance is scheduled Nov. 1.

Plaintiffs include borrowers from New York, Ohio, Oregon, Pennsylvania and Washington, who had mortgages either originated or serviced by KeyBank within the past five years. Some mortgage customers allegedly had a plethora of information compromised, including their name, mortgage property address, account number, telephone number, home insurance policy information and the first eight digits of their Social Security numbers.

The total number of impacted KeyBank clients remains unknown, but at least 7,002 consumers across California, Massachusetts, Montana and Texas were impacted, according to disclosures. The OSC cyberattack also compromised the PII of 111,663 Fulton Bank customers, according to another notice. Servers at both depositories were unaffected by the hack.

Three Pennsylvania residents have also submitted two separate class action complaints against Fulton Bank and OSC, although the filings didn't state whether the plaintiffs were mortgage or banking customers. Counsel for Fulton in the past few weeks have requested extensions of time to respond to each suit, according to court records. 

KeyBank originated $3.2 billion in consumer mortgages in the second quarter and will host a third quarter earnings call Thursday morning before the market opens. Fulton Bank Tuesday revealed it originated $4.5 billion in the third quarter, an 8.8% increase over its $4.2 billion mark in the prior quarter.

The depositories aren't the only banks facing a growing list of consumer lawsuits stemming from data breaches. At least 16 customers of Troy, Michigan-based lender Flagstar Bank have filed complaints against the firm over its hack affecting 1.5 million of its clients, according to a filing Wednesday by a plaintiff in a Michigan federal court. The KeyBank actions are still pending a ruling on consolidation. 

The largest mortgage-related hack in the past year has drawn the largest class action case. Twenty-three plaintiffs have combined their complaints against three servicers owned by Bayview Asset Management, which suffered a cyberattack affecting over 4 million borrowers last fall. Plaintiffs last week responded to the companies' motion to dismiss, and the massive case is scheduled for a trial in 2024.

For reprint and licensing requests for this article, click here.
Law and legal issues Cyber security Industry News
MORE FROM NATIONAL MORTGAGE NEWS