As a mortgage loan servicer, Community Loan Servicing, LLC (CLS) naturally holds a great deal of sensitive personal information on its customers in its systems, for such things as mortgage loans, loan applications, and loan modifications. The complaint alleges that CLS failed to take sufficient measures to keep this personally identifying information (PII) safe, leading to a data breach that began in October 2021.
A class and two subclasses have been defined for this action:
- The Class is all individuals living in the US whose PII was accessed or exfiltrated during the data breach announced by CLS in 2022.
- The Pennsylvania Subclass is all individuals living in Pennsylvania whose PII was accessed or exfiltrated during the data breach announced by CLS in 2022.
- The Illinois Subclass is all individuals living in Illinois whose PII was accessed or exfiltrated during the data breach announced by CLS in 2022.
The complaint quotes CLS’s Notice of Data Breach filed with the California attorney general as saying that “an unauthorized person obtained access to files on [its] file servers from October 27, 2021 to December 7, 2021.” CLS eventually determined that the information of over 100,000 current and former clients had been stolen. According to the complaint, CLS began notifying attorneys general on or about August 16, 2022.
The Notice mentioned names and Social Security numbers as being stolen. The complaint also quotes the Notice as saying, “For some, the accessed files may also have included information provided in connection with a loan application, loan modification, or other items regarding loan servicing.” In a footnote, the complaint alleges, “It is clear that the personal information exposed in the Data Breach was not encrypted…”
The complaint claims, “By obtaining, collecting, and storing Plaintiffs’ and Class Members’ PII, [CLS] assumed legal and equitable duties and knew or should have known that it was responsible for protecting” that PII. It contends that CLS could have prevented the data breach by “properly securing and encrypting” the information, and that it could have mitigated its effects to an extent by destroying old information that it no longer needed to maintain.
Two of the plaintiffs in this case have reported fraudulent charges to PayPal and credit card accounts. According to the complaint, one “discovered that her telephone number’s called identification had been changed to a different name as part of a scheme by an individual attempting to flee a bail bond and required court appearance. Her telephone’s caller ID identified her number as belonging to a Mr. Collins, whom she presumes provided her telephone number to his bail bondsman as she began getting telephone calls, in or around August 2022, from a bail bonds company threatening to come to her residence to arrest Mr. Collins.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Community Loan Servicing Data Breach Complaint
November 16, 2022
As a mortgage loan servicer, Community Loan Servicing, LLC (CLS) naturally holds a great deal of sensitive personal information on its customers in its systems, for such things as mortgage loans, loan applications, and loan modifications. The complaint alleges that CLS failed to take sufficient measures to keep this personally identifying information (PII) safe, leading to a data breach that began in October 2021.
Community Loan Servicing Data Breach ComplaintCase Event History
Community Loan Servicing Data Breach Complaint
November 16, 2022
As a mortgage loan servicer, Community Loan Servicing, LLC (CLS) naturally holds a great deal of sensitive personal information on its customers in its systems, for such things as mortgage loans, loan applications, and loan modifications. The complaint alleges that CLS failed to take sufficient measures to keep this personally identifying information (PII) safe, leading to a data breach that began in October 2021.
Community Loan Servicing Data Breach Complaint