LendingTree sued over data breach

One month after suing three lending firms, LendingTree has now been sued by a Bronx man who claims a security breach with the mortgage site has harmed his credit score, led to higher credit card interest rates, and resulted in him getting rejected for at least one loan.

The lawsuit against LendingTree, filed late last week in U.S. District Court in Manhattan, seeks class action status. Filed on behalf of Marvin Garcia, it alleges that LendingTree was negligent in failing to keep customer personal information secure and failing to notify customers of the security breach in a timely manner.

The breaches--which involved names and Social Security numbers among other personal information--are believed to have begun in October 2006, but LendingTree did not notify customers until last month.

LendingTree also is placing the responsibility and cost on customers for monitoring their credit reports and trying to repair negative impacts on their credit history from the breach, the lawsuit says.

After being notified of the breach, Garcia obtained a copy of his credit report and found that nearly a dozen lenders had pulled his personal information for review without his permission, which affected his credit score, interest rates, and mortgage loan application, according to the lawsuit, which was filed by lawyers at the firm of Meiselman, Denlea, Packman, Carton & Eberz.

A LendingTree representative did not immediately return a call seeking comment on the lawsuit.

LendingTree said last month it was suing Newport Lending Group and Sage Credit Company, both of Irvine, Calif., and Home Loan Consultants of Newport Beach, Calif., over the breach. LendingTree said at the time that several former employees were believed to have taken company passwords and given them to a handful of lenders who then accessed LendingTree customer data files.

[The_Decider]

It is about time that the people hold these companies responsible for its shoddy security practices. I hope it gains momentum and draws in other incompetent companies and organizations like the VA, other credit card companies, universities, and Microsoft.

[mikekrause]

Bravo! Sadly, the best thing about corporations is also the worst thing about corporations - they exist to make as much money as possible. Hitting them where it hurts is really the only way to affect change and force an end this irresponsibility. Let's hope the guy gets millions.

[The_Decider]

Other countries require that their corporations also act responsibly for the benefit of its customers and community.

That is why the US is lagging behind everyone.

As an example, this is why the US broadband service flat out sucks while other countries supply better connections to those out in the sticks that Americans living in cities get.

[humanssssss]

"Let's hope this guy gets millions." His credit worthy at the time of the loss, depending on his credit, may not be worth millions. Having a higher interest rate as a result of the damage can amount to about 1-2% differential over a period of the loan which at best is around $100K. As it is known, this is a mistake and can easily be corrected at the credit bureau and will drastically reduce LendingTree liability. If he plans to get millions, I would question the judicial system.

People are too happy to sue these days. You have to look at the fair value of this lost not the potential or what could of or would of. Speculation is not evidence.

[dunkansmom]

This has opened our eyes..We had no idea these people did this when we applied last year.How can we help?Is there a way to contact them?

[mikeburek]

You're going after the wrong guy. Yes, there was some negligence in letting the info out, but the people who make the system really suck are the credit reporting agencies. Who actually holds the records of your life and makes it hard for anyone but the real person to put info there? Why is it so hard to remove a bad address, yet easy to loan someone $10,000? Who actually charges the customer to freeze a credit report to prevent fraud? That's like a newspaper writing an article that is only hearsay and they calling up the subject of the article and telling them for $10 they won't print the article.

[johnfranks1234]

An excellent and timely article: It's amazing that breaches and thefts keep happening. Considering ?what goes around, comes around?, I wonder how soon any one of us has personal experience with identity theft? It's also interesting that reactive measures don't concentrate on the obvious solution ? a proactive treatment and training of people, and reinforcements to their corresponding security awareness. In those regards, there is a defined eCulture called "The Business-Technology Weave" that helps to influence employee behaviour as regards security, use and integrity of data - as well as protection of hard assets (such as laptops). This is particularly relevant: http://www.businessforum.com/DScott_02.html . Some good stuff here too: www.david-scott.net . We use his book at work - stupid mistakes like deleted and misplaced data have dropped tremendously. Our CEO even requires our vendors to read it. It?s making a huge difference.

[benjaminstraight]

Let's hold companies responsible. One person matters.