Lakeview Loan Servicing, the fourth largest U.S. mortgage loan servicer, recently suffered a data breach that exposed the Personal Identifying Information (PII) of over 2.5 million clients to the dark web.
According to a lawsuit, hackers gained access to Lakeviews’ servers on or about October 27, 2021 but Lakeview wasn’t aware of the access until December 7, 2021. It wasn’t until January 31, 2022 that a review process generated a preliminary estimate of the individuals affected by the Data Breach.
Beginning on March 18th 2022, Lakeview began notifying current and former customers of the breach and the extent of sensitive personal information stolen. Lakeview further advised affected customers that the information has already been placed for sale on the dark web. Information for sale includes –
- dates of birth,
- phone numbers,
- financial or bank account information,
- Social Security numbers,
- insurance information and account numbers,
- medical information, including history condition, treatment and diagnoses, medical record numbers,
- driver’s license numbers and
- email addresses.
As a result of the breach the lawsuit contends that those affected are at permanent risk of identity theft. Despite the permanent future risk, Lakeview offers to pay only the first year for credit monitoring services and only if enrollment prior to a stated deadline.
Plaintiffs are seeking damages against Lakeview to remediate its failure to secure their data and to provide sustained credit monitoring, identity theft insurance and credit repair services to protect against identity theft and fraud beyond the initial year for which they offer as settlement.