Mortgage servicer says prior data breach hit 100,000 more users

Last fall’s massive data breach at Lakeview Loan Servicing was larger than initially discovered, as the servicer revealed it impacted 100,000 more borrowers.

The number of total customers whose personally identifiable information was compromised now sits at 2,638,057 following Lakeview’s disclosure filed with the Office of the Maine Attorney General last week. Lakeview, which claims it is the nation’s fourth-largest servicer, said the additional 100,796 affected users had their PII compromised over the same 41-day incident window between Oct. 27 and Dec. 7.

Lakeview faces a class action lawsuit in the Southern District of Florida U.S. District Court from clients alleging the servicer failed to protect their PII. The suit, combined from 17 individual complaints, includes victims of a large data breach at Pingora Loan Servicing, another subsidiary of Lakeview’s parent company, Florida-based Bayview Asset Management.

A representative for Lakeview and an attorney who filed the Maine notice didn’t respond to requests for comment Monday. A spokesperson for Lakeview previously said the servicer’s operations were not disrupted following the hack.

The breach at Pingora involved at least 175,000 customers according to filings with state attorneys general offices in Hawaii, Iowa, Montana, Texas and Washington. Bayview has not disclosed the full scope of the Pingora incident. The parent company is required to respond to the Florida lawsuit by Aug. 1.

The servicers’ data breaches were part of a cluster of cyberattacks at mortgage firms last fall, although it’s unclear if any are connected, as firms remain tight-lipped about the culprits and types of attacks. Earlier this month, mortgage fintech Lower disclosed a December incident impacting nearly 86,000 customers, while Maine Capital Group revealed a December data breach involving 876 users.

Lender American Financial Services found suspicious activity within its servers last December affecting 216,645 users, while Chesterfield, Missouri-based Gershman Investment Corp. revealed a September breach involving the PII of 52,737 customers. 

At least six other bank and nonbank mortgage lenders have disclosed hacks affecting a combined hundreds of thousands of users since the beginning of the year. An Albuquerque, New Mexico-based credit union lender earlier this year said it was investigating claims of responsibility for a data breach by a ransomware gang. Mortgage firms aren’t especially exposed to the threat of ransomware attacks but the incidents can be devastating, as evidenced by the Cloudstar attack last summer.