fbpx

AmeriFirst Data Breach Exposure of Customer PII Class Action

As a provider of mortgage loans, AmeriFirst Financial, Inc. collects and stores a great deal of sensitive, private information on customers. The complaint for this class action alleges that AmeriFirst “is among those companies that have failed to meet their obligation to protect the sensitive personal identifying information (PII) entrusted to them by their customers.”

The class for this action is all persons living in the US who are customers of AmeriFirst or its affiliates, parents, or subsidiaries whose PII was exposed in the data breach that occurred between December 2 and 10, 2020.

The complaint quotes from the Notice of Data Breach sent out by AmeriFirst: “On or about April 12, 2021, [AmeriFirst] ascertained that our electronic data storage of certain customers’ loan file information was compromised, which resulted in the exposure of your personal information. It appears that the exposure began on or about December 2, 2020, and ended on or about December 10, 2020.”

The information exposed or stolen includes, among other things names, Social Security numbers, driver’s license numbers, and passport numbers. AmeriFirst’s filing with the Maine attorney general counted the number of people affected as 103,607.

The complaint notes that stolen PII is often sold to criminals on the “dark web,” which the complaint calls “a heavily encrypted part of the Internet that is not accessible via traditional search engines.” It says, “Law enforcement has difficulty policing the ‘dark web’ due to this encryption, which allows users and criminals to conceal identities and online activity.”

A large market exists for stolen information, because the fraud that can be perpetrated can be so valuable. When actual identity theft happens, it can be difficult to detect and even more difficult to remedy.

The Federal Trade Commission (FTC) publishes Protecting Personal Information: A Guide for Business, which offers guidelines for businesses for data security. The complaint alleges that AmeriFirst did not follow these guidelines or other FTC recommendations for data security.

The complaint claims that the FTC has brought enforcement actions for failure to adequately protect data, “treating the failure to employ reasonable and appropriate measures to protect against unauthorized access to confidential consumer data as an unfair act or practice prohibited by Section 5 of the Federal Trade Commission Act…”

“By allowing an unknown third part to access AmeriFirst’s data storage system and expse customers’ PII,” the complaint alleges, “AmeriFirst failed to employ reasonable and appropriate measures to protect against unauthorized access to confidential customer data, and as a result, allowed an unknown third party to access its data storage and expose customers’ PII.”

The complaint further faults AmeriFirst for its delay in reporting the data breach.

Article Type: Lawsuit
Topic: News, Privacy

Most Recent Case Event

AmeriFirst Data Breach Exposure of Customer PII Complaint

April 26, 2021

As a provider of mortgage loans, AmeriFirst Financial, Inc. collects and stores a great deal of sensitive, private information on customers. The complaint for this class action alleges that AmeriFirst “is among those companies that have failed to meet their obligation to protect the sensitive personal identifying information (PII) entrusted to them by their customers.”

AmeriFirst Data Breach Exposure of Customer PII Complaint

Case Event History

AmeriFirst Data Breach Exposure of Customer PII Complaint

April 26, 2021

As a provider of mortgage loans, AmeriFirst Financial, Inc. collects and stores a great deal of sensitive, private information on customers. The complaint for this class action alleges that AmeriFirst “is among those companies that have failed to meet their obligation to protect the sensitive personal identifying information (PII) entrusted to them by their customers.”

AmeriFirst Data Breach Exposure of Customer PII Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy