As its name says, Community Loan Servicing, LLC (CLS) does business by services loans throughout the country. It therefore maintains a good deal of personally identifiable information (PII) on individuals related to loan applications, loan modifications, and the like. This class action alleges that CLS did not adequately protect the information it maintained in its system and that it bears responsibility for the data breach it suffered in late 2021.
The class for this action is all persons CLS has identified as being among the individuals affected by the data breach, including all those who were sent a notice of the data breach.
The data breach took place between October 27 and December 7, 2021, the complaint alleges, and exposed names and Social Security numbers and possibly (the notice says) “information provided in connection with a loan application, loan modification, or other items regarding loan servicing.”
The complaint alleges that CLS “intentionally, willfully, recklessly, or negligently fail[ed] to take adequate and reasonable measures to ensure its data systems were protected against unauthorized intrusions.” “Upon information and belief,” the complaint alleges, “the PII was not encrypted prior to the data breach.”
Unfortunately, CLS did not even notify the individual victims of the data breach until almost a year later, in October 2022.
The complaint quotes the notice as saying that the victims should “be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity over the next 12 to 24 months.” However, the notice also announces that CLS is offering victims only one year of credit and identity monitoring services.
The complaint faults the notice itself for a number of things. For example, the complaint says, it does not say whether CLS was able to end the threat of more data breaches in the future, and it does not include any information on how the data breach occurred in the first place.
According to the complaint, given the spectacular data breaches of recent years, at leading companies such as Microsoft, Facebook, and Advanced Info Service, CLS should have been on notice of the dangers and prevalence of data breaches and should have taken adequate steps to protect its own files.
“Indeed,” the complaint alleges, “cyberattacks have become so notorious that the FBI and U.S. Secret Service have issued a warning to potential targets so they are aware of and take appropriate measures to prepare for and are able to thwart such an attack.” The complaint claims that CLS “had the resources necessary to prevent the Data Breach but neglected to adequately invest in security measures…”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Community Loan Servicing Data Breach Complaint
November 7, 2022
As its name says, Community Loan Servicing, LLC (CLS) does business by services loans throughout the country. It therefore maintains a good deal of personally identifiable information (PII) on individuals related to loan applications, loan modifications, and the like. This class action alleges that CLS did not adequately protect the information it maintained in its system and that it bears responsibility for the data breach it suffered in late 2021.
Community Loan Servicing Data Breach ComplaintCase Event History
Community Loan Servicing Data Breach Complaint
November 7, 2022
As its name says, Community Loan Servicing, LLC (CLS) does business by services loans throughout the country. It therefore maintains a good deal of personally identifiable information (PII) on individuals related to loan applications, loan modifications, and the like. This class action alleges that CLS did not adequately protect the information it maintained in its system and that it bears responsibility for the data breach it suffered in late 2021.
Community Loan Servicing Data Breach Complaint