LoanCare Data Breach Lawsuit Says More Than 1.3 Million People Impacted by ‘Preventable’ Cyberattack
Hernandez et al. v. Fidelity National Financial, Inc. et al.
Filed: January 5, 2024 ◆§ 3:24-cv-00019
LoanCare faces a class action lawsuit over a “foreseeable” 2023 data breach in which the sensitive information of more than 1.3 million people was stolen.
LoanCare and parent company Fidelity National Financial face a proposed class action lawsuit over a “foreseeable” 2023 data breach in which the sensitive information of more than 1.3 million people was stolen by cybercriminals.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 75-page LoanCare data breach lawsuit says that ransomware group ALPHV was able to infiltrate the Fidelity National Financial subsidiary’s network and exfiltrate consumers’ unencrypted data as a result of the companies’ “negligence and dereliction of duties” to maintain adequate, industry-standard cybersecurity measures. LoanCare customers’ names, addresses, Social Security numbers and loan numbers were among the data stolen during the incident, the complaint states.
According to the case, LoanCare, which reportedly serves nearly 1.5 million customers each year, first began to notify data breach victims and state attorneys general on or about December 13, 2023. The mortgage servicer’s notice letter stated that it became aware on or around November 19 of unauthorized access to certain systems within Fidelity National Financial’s computer network, the filing shares. A subsequent investigation determined that data was exfiltrated from the parent company’s systems, including that belonging to proposed class members.
However, the case relays that LoanCare’s notice letter provides no further information about the incident, including how it occurred, what steps the company took after the breach, or whether victims’ data remains in the hands of cybercriminals.
“Further, the Notice Letter failed to advise Plaintiffs and Class Members that their information had been stolen by a notorious and aggressive Alphv, also known as BlackCat, ransomware gang,” the lawsuit says, noting that this detail only came to light due to posts by ALPHV/BlackCat that were reported by the media.
It is anticipated that the ransomware group will release all of the stolen LoanCare data onto the dark web for access, sale and download following the deadline of the ransom demands made to the defendants, the suit adds.
The lawsuit accuses LoanCare and its parent outfit of disregarding the rights of consumers by “intentionally, willfully, recklessly, and/or negligently” failing to implement adequate and reasonable cybersecurity measures to ensure their information was kept safe from unauthorized disclosure.
Ultimately, around 1,316,938 people were impacted by the LoanCare data breach, the case says.
The lawsuit looks to cover all United States residents who were sent a letter by LoanCare and Fidelity National Financial notifying them that their personally identifiable information was actually or potentially accessed or acquired during the data breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.