Planet Home Lending's PII breach suit lurches towards settlement

Planet Home Lending is close to settling a consolidated class action suit lodged against it for allegedly failing to protect the personal identifiable information of customers during a hack in late 2023.

On May 13, a Connecticut federal judge issued a preliminary order approving a $2.42 million settlement between plaintiffs and the mortgage lender.

Plaintiffs of the suit could receive up to $2,000 from the settlement fund and class counsel intends to seek an award of a little over $800,000, documents show. The preliminary settlement was first covered by Law360.

An agreement on the material terms of the settlement was reached on March 29, "following a full day of arms' length negotiation and mediation" between the two parties.

During the negotiations, Planet Home Lending provided proof it has implemented security measures following the data incident. The class of potential members is made up of 285,000 individuals.

Notice of the settlement will be sent out via email or postcard to class members who then have up to 30 days prior to the final approval hearing to opt out. No date for the final approval hearing has been set as of May 23.

A press representative for Planet Home Lending said the company is "pleased the matter has been resolved."

"Regrettably, in today's era, attacks of this nature are becoming more common and complex, and the mortgage origination and servicing sector has not been immune," she added in a written statement Thursday. "We apologize for any concern the data breach may have caused our customers and for any difficulties encountered."

Close to 300,000 Planet Home Lending customers were impacted by the cyber hack that took place Nov. 15, 2023. The intrusion was discovered the same day, the lender revealed previously.

In January, Planet Home Lending explained the hack occurred due to a vulnerability in its information security systems purchased from Citrix Systems.

The mortgage company noted prolific hackers LockBit used said vulnerability to bypass its protections and steal customer data, including names, addresses, loan numbers and financial account numbers. Some impacted customers have alleged that following the breach they saw an increase in spam emails and text messages.

Similarly, Mr.Cooper and Loandepot face numerous lawsuits after cyber hacks impacted their systems and exposed personal identifiable information of customers. As of May 2023, a consolidated lawsuit against Mr. Cooper in Texas is still pending.

For reprint and licensing requests for this article, click here.
Law and legal issues Industry News Data breaches
MORE FROM NATIONAL MORTGAGE NEWS