[Dataloss] LendingTree sues mortgage firms over security breach (fwd)

security curmudgeon jericho at attrition.org
Wed Apr 23 05:22:49 UTC 2008



---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>

http://www.news.com/8301-10784_3-9926007-7.html

By Elinor Mills
News Blog
News.com
April 22, 2008

LendingTree on Monday told customers that their sensitive information was 
leaked in a security breach and that it has sued three lending companies 
as a result.

Several former employees of LendingTree are believed to have taken company 
passwords and given them to a handful of lenders who then accessed 
LendingTree customer data files, the company said.

The data includes customer names, Social Security numbers, addresses, 
e-mail addresses, telephone numbers, and income and employment 
information, but not credit card information, LendingTree said in an 
e-mail to customers and on a frequently-asked-questions page on its Web 
site.

The outside lenders are believed to have accessed LendingTree customer 
loan request forms between October 2006 and early 2008. The lenders then 
tried to market loans to the customers, LendingTree says.

LendingTree's internal security uncovered the security breach and the 
company quickly reported it to authorities and made several security 
system changes. A LendingTree spokeswoman declined to say exactly when the 
breach occurred, when it was discovered, or how many customers were 
affected.

[..]


More information about the Dataloss mailing list