Mortgage servicer reveals data breach affecting 2.5 million users

Lakeview Loan Servicing disclosed a massive data breach that went undetected for over a month last fall and compromised the personal information of over 2 million customers.

The company, which claims it is the nation’s fourth-largest servicer, said in public notices the breach impacted 2,537,261 borrowers between Oct. 27, 2021 and Dec. 7, 2021, and was identified in early December. An unauthorized person obtained access to the firm’s servers and information including names, addresses, loan information and Social Security numbers, according to the notices, one of which said the incident was an “external system breach (hacking).”

Since the servicer’s disclosure in mid-March, affected customers have filed eight class action suits in a Florida federal court accusing Lakeview of breach of fiduciary duty, among other counts, in failing to protect personally identifiable information.

“This PII was compromised due to Defendant’s negligent, careless and intentional acts and omissions and the failure to protect the PII of Plaintiff and Class Members,” wrote Daniel Rosenthal, an attorney with DBR Law, P.A., in a complaint on behalf of Jennifer Morrill, an affected California customer.

Morrill’s suit states the amount at stake exceeds $5 million, and that there are more than 100 members in the proposed class. A filing Friday in Morrill’s case suggests the class actions be condensed, pending a judge’s approval. Rosenthal declined to comment on the litigation Monday.

Lakeview in a statement declined to comment on the lawsuits and said it notified appropriate third parties and individuals following its discovery of the cyberattack.

“Like many other organizations, Lakeview experienced a security incident in 2021,” the statement said. “Steps were taken to immediately contain the incident, law enforcement was notified, and a thorough investigation was conducted by a forensic investigation firm. Lakeview’s operations were not disrupted.”

The servicer had not experienced a breach in the past 12 months, according to a public filing with the Maine Attorney General’s Office submitted by outside counsel for the firm. Lakeview also offered complimentary one-year Kroll credit monitoring and identity theft protection services to affected customers.

The revelation comes amid heightened fraud risk for mortgage companies, which are especially exposed to cyber threats compared to other financial institutions. A new FundingShield Q1 2022 report states one out of every three transactions has elements of wire or title fraud risk, and wire errors and perpetuated fraud instances are elevated in around 6% of transactions.

“Keep in mind, even one transaction is pretty fatal,” said Ike Suri, chairman and CEO of FundingShield, a mortgage and title fraud protection firm. “And we're talking pretty large numbers when it comes to these percentages.”

Security experts said the size of affected customers in the Lakeview breach, and amount of information exposed, was significant.

“That’s a lot of information that will have ripple effects on current business and ongoing dealings of those people and the business itself,” Suri said. “That’s not small.”

For reprint and licensing requests for this article, click here.
Fraud Industry News Servicing
MORE FROM NATIONAL MORTGAGE NEWS