Last fall, Pingora Loan Servicing and Lakeview Loan Servicing both suffered cyberattacks that impacted millions of customers, exposing personal data to hackers. Now, both servicers are facing class action suits from borrowers who are asserting that the two companies did not meat their duty to protect the borrowers’ personal data.
Pingora’s data breach lasted 41 days and resulted in at least 169,000 customers having personal data exposed. At least two pending class action suits have been consolidated in Colorado federal district court as borrowers seek to hold Pingora liable for their information being stolen.
“Due to defendant’s negligence, cyber criminals obtained everything they need to commit identity theft and wreak havoc on the financial and personal lives of thousands of individuals,” wrote attorneys for some of the data breach victims in the complaint filed last month.
The Lakeview data breach occurred from Oct. 27 through Dec. 7, 2021, and resulted in some borrowers’ names, addresses, loan numbers, and Social Security numbers being exposed . Lakeview did not determine the scope of the breach until Jan. 31, 2022, and did not provide notice to affected consumers until March 18, 2022.
“Every moment is precious to ensure that that data is not then weaponized against the rightful owner of that data through identity theft,” the lawsuit filed by Andrew Guarino stated. “Sitting on this information allowed Lakeview to dodge responsibility and inevitably worsened the Data Breach victims’ chances at weathering the storm that Lakeview created.”