Loan tree data breach, sensitive information potentially leaked in hack • LegalScoops

      Comments Off on Loan tree data breach, sensitive information potentially leaked in hack • LegalScoops

On June 29, 2022, Lending Tree, LLC, an online lending marketplace based in Charlotte, North Carolina, reported a data breach to the Montana Attorney General’s office.

According to the company’s data breach notice, between mid-February 2022 and sometime in June 2022, “a code vulnerability likely resulted in the unauthorized disclosure of certain sensitive personal information.”

Lending Tree discovered the “vulnerability” on June 3, 2022. He appears to have started notifying those affected on June 29, 2022.

In its data breach notice loan tree, it is stated that “the vulnerability in the code no longer exists”.

Sensitive personal information that may have been accessed or acquired includes full names, dates of birth, mailing address and social security numbers (SSN).

Lending Tree’s advisory provides no explanation of what it means by “code vulnerability”, how its data was taken or by whom. The media reported that the data is now freely available on the Internet, but, according to this report, Lending Tree denied that the data circulating online came from the company.

The full data breach notice provided to the Attorney General of Montana may be viewed here.

Lending Tree is offering affected individuals two years of free identity monitoring services through IdentityForce. The registration deadline for IdentityForce services is 90 days from the date of the letter.

For a free privacy consultation, fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

Special California Laws Protect You

California has laws that specifically protect your personal information.

  • The California Customer Records Act(CCRA) requires businesses to implement and maintain reasonable security procedures and practices to protect consumers’ personal information. Companies must also notify affected California consumers promptly and without unreasonable delay.
  • The California Consumer Privacy Act (CCPA) contains numerous protections for the personal information of California residents, including implementing and maintaining reasonable security procedures.

If certain types of personal information, such as social security numbers and names, are not encrypted and are accessed, stolen, or hacked because a company has failed to meet its obligation to implement and maintain reasonable security concerns, an affected California resident may sue to protect their rights under the CCPA and the CCRA.

If you are a California resident and received a recent data breach notice from Lending Tree, you may be entitled to between $100 and $750 or your actual damages, whichever is greater.

Participants in Data Breach Lawsuits May Obtain Damages, an injunction (to ensure that the company has reasonable security practices in place to prevent further disclosure of consumer data) and any other action the court deems necessary to compensate data breach victims and prevent that this damage does not reoccur.

For free information about your legal right to claim compensation, fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

Two years of identity theft services may not be enough

▸ Electronic personal data does not degrade

It’s a sad reality that cybercrimes are an attractive target for hackers: data can be bought and sold anonymously, and the going rate is around $20 per record depending on the type of information, according to the Privacy Affairs Dark Web Index 2021.

Some types of critical personal information — like social security numbers, names, and birth dates — are impossible, or nearly impossible, to change.

Thieves can choose to wait years before capitalizing on compromised personal data. The longer cyber thieves can go unnoticed, the more they profit from their illegal activities.

It pays to know what credit monitoring services can do for you

It is important to understand the benefits and limitations of any spoofing service. Not all credit monitoring and identity theft services offer the same protections or cover the same duration.

Before signing up for a credit monitoring service, here are some helpful questions to ask:

  • Does this service offer dark web monitoring?
  • Does the service monitor the three major credit bureaus on my behalf? (for example, the IdentityForce service described in the data breach notice offers a one-stop credit monitoring bureau)
  • Does the service come with insurance to cover any immediate financial loss I may incur as a result of this data breach? What proof of claim do I need to present? How am I reimbursed?
  • What if I have financial losses after the service expires?
  • Does this service help with fraudulently filed tax returns? Medical identity theft?
  • What exactly will the service do for me if my personal information is sold on the dark web?
  • Can the service prevent fraudulent charges from being made to my credit cards? Will they reimburse me if fraudulent charges are made?

Compromised SSNs can be a complicated problem

  1. A hacker with your SSN can use it to get other personal information about you.
  2. Identity thieves can use your SSN and name to apply for credit under your name. When new credit cards are used by thieves and they don’t pay, it hurts your credit. You may not know about the scam until creditors start contacting you for non-payment of the thief’s bills, or you are denied credit.
  3. Stolen SSNs can be used to fraudulently file taxes, apply for jobs, and receive other government benefits.

“Remember that a new [SSN] probably won’t solve all your problems. This is because other government agencies (such as the IRS and state motor vehicle agencies) and private businesses (such as banks and credit reporting companies) will have records under your old number.

Along with other personal information, credit reporting companies use the number to identify your credit file. So using a new number will not guarantee you a fresh start. This is especially true if your other personal information, such as your name and address, remains the same. » (Social Security Administration Publication No. 05-10064 July 2021.)

Once you know that your personal data has been disclosed, it is reasonable to take steps to avoid fears that your data will be used to cause you significant financial loss.

Compromised data also increases the risk of hacking, phishing, and increased anxiety about future loss and identity theft.

Personal data is extremely valuable, both for businesses and for criminals who want to sell this information on the dark web to identity thieves and other black marketers.

However, “it is clear that many organizations need to hone their security skills, training, practices and procedures to properly protect consumers.”[1] The stakes are high: data breach victims are more likely to also be victims of further fraud.[2]

We can help you exercise your legal rights

Experimented data breach and class action lawyers can help you exercise your rights, assess your options and decide if you are entitled to compensation under the CCPA and the CCRA.

There are no disbursements to you, because we only get paid if we win.

Confidential • Free of charge • No obligation

For free information on your legal right to claim compensation, complete the form below or call us on 1-844-BREACH8 (1-844-273-2248).

Free Privacy Consultation

[1] Source: K. Harris, Former Attorney General, California DOJ, California Data Breach Report 2012-2015 (2016).

[2] Same