Towne Mortgage hit with wave of data breach suits

Borrowers are slamming yet another mortgage lender with class action lawsuits after it revealed a data breach last month.

Troy, Michigan-based Towne Mortgage did not say in a public notice how many of its customers were impacted in a June incident, in which a hacker may have copied data from its network. The attack compromised Social Security numbers and financial accounts and hit at least 474 Massachusetts residents, according to a Nov. 13 disclosure. 

Cybersecurity blogs report the ransomware-as-a-service group Blackbyte took credit for the attack on the dark web, although Towne like most corporate victims did not provide further details. The sizable lender, which publicly reported $1.8 billion in origination volume last year, did not return requests for comment Tuesday. 

In response to the incident, the company offered victims 24 months of complimentary credit monitoring services. Affected consumers immediately sued the company following its announcement, and the lender today faces seven class action claims in a Michigan federal court. 

Borrowers accuse the lender of negligence

The complaints resemble the litigation typically filed against mortgage firms following such incidents. Minnesota borrower Thomas Stucky, in a Nov. 19 lawsuit in the U.S. District Court for the Eastern District of Michigan, accuses the independent mortgage bank of negligence and breach of fiduciary duty in failing to protect his personal identifiable information. 

"This unencrypted, unredacted private information was compromised due to defendant's negligent and/or careless acts and omissions and its utter failure to protect its students' sensitive data," wrote counsel for Stucky. 

Plaintiffs across the lawsuits only specify a class spanning likely thousands of members, and seek unspecified damages. At least one of the complaints also seeks to enforce stronger data protection at the lender. Attorneys for the various plaintiffs didn't respond to requests for comment Tuesday. 

Towne is licensed in 46 states and Washington, D.C., and has 18 sponsored mortgage loan originators across 5 branches nationwide, including under its AmeriCU Mortgage brand, according to Nationwide Multistate Licensing System records. The company is also facing a poaching and theft of trade secrets suit from local rival United Wholesale Mortgage, which remains pending in a Michigan county court. 

Long, drawn-out battles

Summons were recently issued for Towne in several of the new lawsuits, and if similar to other cyberincident litigation, the case could last a while. 

Mortgage players in recent years have been locked in lengthy court battles with classes, or proposed classes, of borrowers over incidents that affected as few as 135,000 customers up to tens of millions of consumers. Regarding some larger mortgage hacks, lenders have agreed to settlements for massive sums, including Flagstar Bank OKing a $31.5 million sum for over 2 million victims of a 2021 breach. 

Other originators continue to contest claims by data breach victims, and have notched some minor victories. A judge last year gutted a massive data breach complaint against Bayview Asset Management, although the servicer eventually agreed to a settlement.