Planet Home Lending faces wave of class actions over PII breach

Customers of Planet Home Lending have filed at least six lawsuits accusing the mortgage lender of failing to protect their personal identifiable information.

At least one of the class action suits also includes technology firm Citrix Systems, Planet's vendor, as a defendant.

The legal actions are in reaction to a ransomware attack that compromised the Social Security numbers of close to 300,000 Planet Home Lending customers. Alongside that, customers' names, addresses, loan numbers and financial account numbers were leaked, a notice filed by the mortgage lender in January said.

Planet Home Lending explained that the hack occurred last fall due to a vulnerability in its information security systems purchased from Citrix Systems. The mortgage company noted prolific hackers LockBit used said vulnerability to bypass its protections and steal customer data.

The most recent action, filed Feb. 16 in Florida, accuses Planet Home Lending of leading customers astray regarding the safety of their data. The plaintiff is also suing Citrix Systems for its vulnerability, first discovered last August, which was used by the ransomware gang to gain access to customer PII.

Antonio Cole, a customer of Planet, argues he gave his data to Planet "with the reasonable expectation and understanding that Planet's third-party vendors, like defendant Citrix, would comply with their duty to keep such information confidential and secure from unauthorized access." 

As a result of the cyberattack, Cole claims he became a victim of credit card fraud and has seen an increase in spam emails and text messages.

Planet's spokeswoman said that as a matter of policy the company does not comment about legal matters. However, she added that the "suit[s] are without merit" and that the mortgage lender's operations were not adversely impacted.

Cole's suit is urging the court to issue injunctive relief mandating Planet to use appropriate security controls to prevent another breach from occurring. "The risk of another breach is real, immediate and substantial," the legal filing argues.

Companies in the financial services space have been actively targeted by ransomware gangs in recent months. 

Alphv, otherwise known as BlackCat, has claimed responsibility for the cyber attack that hit Loandepot, Academy Mortgage and Fidelity National. Meanwhile, Lockbit has been linked to Planet's breach.

The federal government and overseas partners have attempted to take down both criminal organizations.

In mid-December, the Department of Justice claimed to have launched a disruption campaign targeting Alphv's operations. That same month, international authorities seized the ransomware gang's dark-web leak internet site.  Despite this, Alphv has continued to target companies in the mortgage lending industry.

Meanwhile, Feb. 20, the DOJ and the United Kingdom announced they disrupted LockBit's operations by seizing control of servers used by the online gang. 

A recent report from a provider of wire and title fraud protection has pointed to the mortgage "industry's lack of readiness" in mitigating potential cyber attacks. FundingShielf warned that fraud-related events are likely to increase as the tools available for cyber criminals to attack the mortgage and title space grows.

Aging technology applications with gaps in security updates and an availability of artificial intelligence-driven tools to deploy attacks can be potential avenues for nefarious players to attack the financial services sector, FundingShield's report published January said.