Mortgage servicer sued by borrowers over data breach

Another mortgage servicer is facing multiple federal class action lawsuits over a large data breach it suffered last year.

Plaintiffs in two separate complaints filed this month accuse Pingora Loan Servicing of failing to protect their personally identifiable information in a breach that lasted 41 days last fall. Pingora last month acknowledged the hack impacting at least 169,000 customers across four states but has yet to disclose the full scope of the attack.

“Due to Defendant’s negligence, cyber criminals obtained everything they need to commit identity theft and wreak havoc on the financial and personal lives of thousands of individuals,” wrote William Federman, an attorney with Federman and Sherwood, on behalf of two data breach victims in a suit filed earlier this month in Colorado U.S. District Court.

Plaintiffs in the Colorado case claim their PII has already been compromised, and victims across the two suits are suing for counts including negligence, breach of implied contract and unjust enrichment. An attorney Monday requested the Colorado Pingora suit be consolidated with a similar class action complaint against Lakeview Loan Servicing in a Florida U.S. District Court. Lakeview suffered a cyberattack over the same timeframe last fall, impacting 2.5 million of its own customers, and was hit with at least eight class action suits following its disclosure.

Pingora and an attorney for both Pingora and Lakeview didn’t respond to a request for comment Tuesday.

The lawsuits come as financial institutions including three lenders report another wave of cyberattacks. Chesterfield, Missouri-based Gershman Investment Corp., which operates Gershman Mortgage, disclosed last week a data breach last September impacting 52,737 customers. The firm hired two separate cybersecurity consultants to investigate the hack, which compromised information including Social Security and financial account numbers.

Data breaches have also been reported by Conshohocken, Pennsylvania-based TurnKey Realty LLC, which impacted the PII of 41,203 customers and Austin, Texas-based lender Public Employees Credit Union, which disclosed a hack affecting the PII of 28,606 customers.

Albuquerque, New Mexico-based lender First Financial Credit Union disclosed a hack impacting 229,000 customers earlier this year. First Financial didn’t respond to requests for comment Tuesday, but its CEO previously told the Albuquerque Business Journal the credit union was investigating data breach claims from a ransomware gang.

Ransomware is a popular weapon for cybercriminals, experts say, and the tool has already been responsible for one of the industry’s more devastating attacks, on title software firm Cloudstar. Mortgage firms reporting data breaches in the last two months haven’t disclosed the types of attacks they suffered or the culprits behind data breaches.