Lender says rival stole trade secrets, data breach followed

A New England lender is suing a regional competitor for violating trade secrets laws in a poaching incident that appears to have prompted a data breach disclosure to clients.

Sturbridge, Massachusetts-based Northpoint Mortgage is accusing three Integrity Mortgage employees of breach of contract in the suit filed last week in the U.S. District Court for the District of Maine. The workers allegedly switched companies in late November and took from Northpoint a large amount of customer information.

Northpoint on Dec. 21 also notified 131 customers last month of a data breach incident that occurred around the time of the employee departures, according to a filing with the Office of the Maine Attorney General. An unidentified mortgage loan originator exported client data including Social Security numbers to a lender at which they intended to take employment, the letter said.

While there is precedent for lenders providing data breach notifications related to poaching incidents, Northpoint's description of insider wrongdoing as cause for its November data breach is a rare admission of the type of cyberattack a mortgage firm has suffered. 

A representative for Northpoint and counsel for the firm declined to comment on the lawsuit and on whether the data breach was related to the poaching lawsuit. Integrity also didn't respond to a request for comment.

The employees who resigned from Northpoint on Nov. 22 and allegedly took with them customer information are two former loan partners and senior loan officer and mortgage loan originator Casey Hamlin, who is now a branch manager at Integrity. Hamlin also has an ownership and equity interest in Integrity, Northpoint claims.

Hamlin declined to comment in a message last week. Integrity announced Hamlin's hiring in a post on its homepage, in which the business says he'll join the management/ownership team. 

The lawsuit claims that the trio worked with Integrity staff and representatives to download and transfer client data including personally identifiable information ranging from Social Security numbers to financial and loan information. Northpoint cites emails dated Nov. 21 and Nov. 22 between the two former loan partners and employees at Integrity, in which the competitor's workers confirm a data transfer and thank the Northpoint workers.

The team also allegedly attempted to solicit at least five other Northpoint employees, the complaint said, while Hamlin was said to fraudulently misrepresent to Northpoint clients that his branch was acquired by Integrity.

The data breach notification said the unidentified former employee and company the data was shared with are cooperating to destroy the data permanently and irrevocably, but it's unclear whether those identified are Hamlin and Integrity. Northpoint, which described the breach as "insider wrongdoing," offered its impacted customers complimentary Experian credit monitoring services for a 12-month period. 

Northpoint counts 14 offices across Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island and Florida and is licensed to lend in 14 states and the U.S. Virgin Islands. The lender, founded in 2005, counts 94 employees on LinkedIn and offers conventional, government-insured and jumbo loans. 

Integrity, founded in 2019, has offices in Portland, Maine and Yarmouth, Maine and has 82 workers, according to LinkedIn. The company has closed over 23,000 loans in the past three years, it claims, and offers conventional, government-insured and construction loans. 

Lenders have filed numerous lawsuits in the past year accusing competitors of raiding their ranks, although most remain pending amid mediation, preliminary injunction and pre-trial stages.