Data Breach Alert: LendUs, LLC

Console and Associates, P.C.
Contact

In recent news, the mortgage lending company, LendUS, LLC announced that it experienced a data-security event impacting the personal information of more than 12,000 individuals. Last year, LendUS, LLC learned that several of the company’s employee’s email accounts had been compromised. While the details of how an unauthorized party gained access to the employees’ email accounts have not yet been released, through a subsequent investigation, the company determined that the names and Social Security numbers of thousands of customers were contained in various emails and attachments.

A data breach occurs when a hacker or other criminal actor secretly gains access to sensitive consumer information maintained on a company’s servers. Often, hackers target organizations they know to rely on outdated or otherwise inadequate data-security measures. Hackers will often personally use the information obtained through a cyberattack to commit identity theft. However, it is also common for a hacker to sell the data to the highest bidder.

Victims of a data breach are at an increased risk of identity theft, although they may not immediately notice suspicious activity. However, given the risks, it is imperative that affected parties take all necessary steps to protect themselves from identity theft and other potentially significant financial losses.

Anyone in receipt of a LendUS, LLC data breach letter has good reason to be concerned. Recently, the number of identity theft crimes has drastically increased. In many instances, the information needed to steal another’s identity was obtained through a data breach such as this one.

Companies have an obligation to protect consumer data, and if evidence emerges that LendUS, LLC mishandled your data leading up to the data breach, you may be eligible for financial compensation through a data breach lawsuit.

Can Consumers Affected by the Breach Hold LendUS, LLC Financially Responsible?

When you applied for a loan through LendUS, LLC, you provided the company with your personal information. In doing so, you trusted that the company would take your privacy seriously. Certainly, you assumed that they would take whatever steps were necessary to prevent your sensitive financial and personal identifying information from ending up in the hands of a criminal. However, the LendUS, LLC data breach raises serious questions about the company’s data security measures in place at the time of the breach.

All businesses—including LendUS, LLC—have an ethical and legal duty to protect consumers’ personal, identifying, financial and health information in their possession. While developing a robust and up-to-date data-security system comes at an additional expense, this is merely a cost of doing business in an environment where cyberattacks are common. If a company fails to protect consumers’ sensitive information, it may be liable through a data breach class action lawsuit. Of course, data breach laws are complex, news of this data breach is very recent, and, unsurprisingly, there is not yet any evidence that LendUS, LLC was negligent in how it handled consumer data. However, our data breach lawyers are actively investigating the breach to determine what legal remedies, if any, affected parties have against LendUS, LLC

If you have questions about your ability to bring a class action lawsuit against LendUS, LLC, it is important that you reach out to a data breach attorney as soon as possible.

What to Do if LendUS, LLC Sent You a Data Breach Notification

If you receive a data breach notification from LendUS, LLC in the mail, it means that an unauthorized person may have accessed, viewed, and retained your sensitive personal information. While there is no telling why someone sought out your information and what they might do with it, given the risks involved, it is important you give the situation the attention it deserves.

Below are a few things you can do to protect yourself from identity theft and the other possible financial risks a data breach of this type presents:

  • Carefully read the LendUS, LLC data breach letter to determine what information of yours was accessible;
  • Make a copy of the letter for your records;
  • Enroll in the free credit monitoring service provided by LendUS, LLC;
  • Change all your passwords and security questions for any online accounts;
  • Enable two-factor authentication, where it is available;
  • Regularly review your credit card and bank account statements for any signs of suspicious activity;
  • Monitor your credit report for any unexpected changes that may be a sign of identity theft;
  • Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
  • Notify your banks and credit card companies of the data breach.

About LendUS, LLC

LendUS, LLC is a mortgage company based in Alamo, California. The company is the result of a merger between two other mortgage lending firms, RPM Mortgage and American Eagle Mortgage. LendUS, LLC markets itself as an “ultra-attentive” servicer and provides a range of residential mortgage products.

According to the most recently available data, LendUS, LLC has approximately 720 employees across and generates about $80 million in sales.

The Details of the LendUS, LLC Consumer Data Breach

According to the most recent news release issued by LendUS, LLC, in early 2021, the company became aware of unusual activity on several employees’ email accounts. In response, LendUS, LLC secured the affected email accounts and initiated an investigation. The investigation revealed that an unauthorized party accessed certain email accounts at various times between February 2, 2021 and March 22, 2021. While LendUS, LLC was not able to determine which emails or attachments were accessed, the company determined that the email accounts contained the names and Social Security numbers of 12,205 individuals.

LendUS, LLC notes that there is no indication that the unauthorized party used or intends to use any of the data obtained. On January 19, the company began sending out data breach notifications to all affected parties, informing them of the breach and what they can do to protect themselves.

Below is a copy of the initial data breach letter issued by LendUS, LLC (the actual notice sent to consumers can be found here):

Dear [Consumer],

LendUS, LLC (“LendUS”) understands the importance of protecting the personal information we maintain. I am writing to notify you of an incident that involved some of your personal information. This notice explains the incident, measures we have taken, and some steps you may consider taking in response.

We completed an investigation into unauthorized access to some LendUS employee email accounts. Upon first learning of the activity, we immediately took steps to secure the email accounts and began an investigation with the assistance of a cybersecurity firm. The investigation determined that an unauthorized person accessed certain accounts at various times between February 2, 2021 and March 22, 2021. The investigation was not able to determine whether any emails or attachments in the accounts were accessed or downloaded by the unauthorized individual; however, we were not able to rule out that possibility. Out of an abundance of caution, we reviewed the emails and attachments that could have been accessed or downloaded and, on December 21, 2021, determined that an email or attachment contained your <>.

We wanted to make you aware of this incident and assure you that we take it very seriously. We encourage you to remain vigilant by reviewing your account statements and credit reports for any unauthorized activity. If you see charges or activity you did not authorize, please contact the relevant financial institution or credit bureau immediately. As an added precaution, we are offering you a complimentary one-year membership with Equifax CompleteTM Premier, including credit monitoring and fraud alerts. For more information on identity theft prevention and Equifax CompleteTM Premier, including instructions on how to activate your complimentary one-year membership, please see the pages following this letter.

Your confidence and trust are important to us, and we regret any inconvenience or concern this incident may cause. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further enhance the security of our computer systems and are providing additional security awareness training for our staff. If you have any questions, please call 855-604-1753, Monday through Friday from 6:00 A.M. through 6:00 P.M. Pacific Time.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.