Citywide Home Loans, a Utah-based mortgage lending company, agreed to settle a $1.2 million class action lawsuit to resolve claims surrounding a 2020 data breach.
The news was first reported by legal website Top Class Action.
The company, which has more than 800 employees and operates in 35 states, is accused of negligence for failing to protect its internal systems, leading to a data breach in November 2020. According to the lawsuit, an unauthorized person gained access to the Citywide systems and deployed a ransomware, encrypting certain systems and allegedly compromising the personally identifiable information of current and former employees of the company.
The data compromised included “names, addresses, phone numbers, dates of birth, social Security numbers, passport numbers, driver’s license numbers, credit card information, bank account information and/or medical or insurance information,” the lawsuit says.
While Citywide Home Loans denies liability for the incident, it is still settling the lawsuit to end the claims.
Under the terms of the settlement, plaintiffs can submit a claim form making them eligible to receive “two years of Kroll credit monitoring and identity theft protection services.” For those who experienced economic losses or lost time because of the data breach, they can claim a cash reimbursement if they have the right documents to support it.
Ultimately, Citywide Home Loans will pay valid claims for economic losses due to the data breach up to $5,000 and lost time up to $200. If a situation arises where all valid claims exceed $1,225,000, payments will be reduced pro rata, the settlement agreement states.
Cyber security issues are among the biggest challenges for real estate and housing finance companies. Phishing — a form of social engineering where attackers deceive people into revealing sensitive information installing malware — still remains one of the most common ways to get initial access to customer or vendor data, Ariel Manalo, chief information security officer and vice president of infrastructure at Evergreen Home Loans, said at the Mortgage Bankers Association’s technology solutions conference in April.
With the growing risk of security threats, Fannie Mae and Freddie Mac are making security mandatory, Manalo noted. Because the mortgage industry has become more technologically interconnected, companies are spending more on IT security and infrastructure. About 53% of organizations will increase IT spending in 2023, and 65% of organizations plan to increase cybersecurity spending this year, according to CSO Magazine.