Data Breach Alert: LendUs, LLC | Console and Associates, PC
In recent news, the mortgage company, LendUS, LLC announced that it has experienced a data security event affecting the personal information of more than 12,000 people. Last year, LendUS, LLC learned that several company employee email accounts had been compromised. Although the details of how an unauthorized party gained access to the employees’ email accounts have not yet been released, thanks to a subsequent investigation, the company determined that the names and social security numbers of thousands of customers were contained in various emails and attachments.
A data breach occurs when a hacker or other criminal actor secretly gains access to sensitive consumer information stored on a company’s servers. Often, hackers target organizations that they know rely on outdated or inadequate data security measures. Hackers will often personally use the information obtained through a cyberattack to commit identity theft. However, it is also common for a hacker to sell the data to the highest bidder.
Victims of a data breach are at increased risk of identity theft, although they may not immediately notice suspicious activity. However, given the risks, it is imperative that the parties involved take all necessary steps to protect themselves against identity theft and other potentially significant financial loss.
Anyone receiving a data breach letter from LendUS, LLC has good reason to be concerned. Recently, the number of identity theft crimes has increased dramatically. In many cases, the information needed to steal another’s identity has been obtained through a data breach like this.
Businesses have an obligation to protect consumer data, and if it appears that LendUS, LLC mishandled your data prior to the data breach, you may be eligible for financial compensation through a breach lawsuit. of data.
Can consumers affected by the violation hold LendUS, LLC financially liable?
When you applied for a loan through LendUS, LLC, you provided the company with your personal information. By doing so, you trusted that the company would take your privacy seriously. Surely you assumed that they would take all necessary measures to prevent your sensitive financial and personal identifying information from ending up in the hands of a criminal. However, the LendUS, LLC data breach raises serious questions about the company’s data security measures in place at the time of the breach.
All companies, including LendUS, LLC, have an ethical and legal duty to protect the personal, identifying, financial, and health information of consumers in their possession. Although developing a robust and up-to-date data security system entails additional expense, it is only a cost of doing business in an environment where cyberattacks are common. If a company fails to protect sensitive consumer information, it can be held liable through a data breach class action lawsuit. Of course, data breach laws are complex, news of this data breach is very recent and, unsurprisingly, there is no evidence yet that LendUS, LLC has been negligent in the way it has processed consumer data. However, our data breach lawyers are actively investigating the breach to determine what legal remedies, if any, the affected parties have against LendUS, LLC
If you have questions about your ability to bring a class action lawsuit against LendUS, LLC, it is important that you contact a data breach attorney as soon as possible.
What to do if LendUS, LLC sent you a data breach notification
If you receive a data breach notification from LendUS, LLC in the mail, it means that an unauthorized person may have accessed, viewed, and retained your sensitive personal information. While it’s impossible to say why someone sought your information and what they might do with it, given the risks involved, it’s important that you give the situation the attention it deserves.
Below are some steps you can take to protect yourself against identity theft and other possible financial risks that such a data breach presents:
- Read the LendUS, LLC data breach letter carefully to determine what information about you was accessible;
- Make a copy of the letter for your records;
- Sign up for the free credit monitoring service provided by LendUS, LLC;
- Change all your passwords and security questions for all online accounts;
- Enable two-factor authentication, where available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that could be a sign of identity theft;
- Contact one of the major credit bureaus to ask them to add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
About LendUS, LLC
LendUS, LLC is a mortgage company based in Alamo, California. The company is the result of a merger between two other mortgage companies, RPM Mortgage and American Eagle Mortgage. LendUS, LLC markets itself as an “ultra-attentive” manager and offers a range of residential mortgage products.
According to the most recent data available, LendUS, LLC has approximately 720 employees and generates approximately $80 million in sales.
LendUS, LLC Consumer Data Breach Details
According to the latest press release issued by LendUS, LLC, in early 2021 the company became aware of unusual activity on the email accounts of several employees. In response, LendUS, LLC secured the affected email accounts and initiated an investigation. The investigation revealed that an unauthorized party accessed certain email accounts at various times between February 2, 2021 and March 22, 2021. Although LendUS, LLC was unable to determine which emails or attachments had been viewed, the company determined that the email accounts contained the names and social security numbers of 12,205 people.
LendUS, LLC notes that there is no indication that the unauthorized party has used or intends to use any of the data obtained. On January 19, the company began sending data breach notifications to all affected parties, informing them of the breach and what they can do to protect themselves.
Below is a copy of the original data breach letter issued by LendUS, LLC (the actual notice sent to consumers can be found here):
LendUS, LLC (“LendUS”) understands the importance of protecting the personal information we maintain. I am writing to inform you of an incident involving some of your personal information. This notice explains the incident, the actions we have taken, and some actions you may consider taking in response.
We have investigated unauthorized access to certain LendUS employee email accounts. Upon learning of the activity, we immediately took action to secure the email accounts and launched an investigation with the assistance of a cybersecurity firm. The investigation determined that an unauthorized person accessed certain accounts at various times between February 2, 2021 and March 22, 2021. The investigation was unable to determine whether emails or exhibits attached accounts had been viewed or downloaded by the unauthorized person; however, we were unable to rule out this possibility. Out of an abundance of caution, we reviewed emails and attachments that could have been viewed or downloaded, and on December 21, 2021, we determined that an email or attachment contained your .
We wanted to let you know about this incident and assure you that we are taking it very seriously. We encourage you to remain vigilant by reviewing your account statements and credit reports for any unauthorized activity. If you see any charges or activities that you did not authorize, please contact the financial institution or credit bureau immediately. As an added precaution, we’re giving you a free one-year membership to Equifax CompleteTM Premier, including credit monitoring and fraud alerts. For more information on Identity Theft Prevention and Equifax CompleteTM Premier, including instructions on how to activate your free one-year subscription, please see the pages that follow this letter.
Your trust is important to us, and we regret any inconvenience or concern this incident may cause. To prevent such a situation from happening again, we have implemented additional technical protection and security measures to further improve the security of our IT systems and offer additional security awareness training for our staff. If you have any questions, please call 855-604-1753, Monday through Friday, 6:00 a.m. to 6:00 p.m. Pacific Time.