A customer whose Social Security number was compromised in a hack at mortgage fintech Lower has filed a class action complaint against the lender, alleging it failed to protect its users’ personal information.
Dale Foster, a Columbia, Maryland resident, accused Lower of negligence and unjust enrichment in the suit filed Monday in the U.S. District Court of Maryland. Lower last month disclosed a breach affecting the personally identifiable information, including some Social Security numbers, of 85,958 customers, which stemmed from suspicious activity within its servers last fall.
The amount in controversy exceeds $5 million, according to the lawsuit. Foster, whose Social Security number and name were exfiltrated, criticized Lower for acknowledging the breach six months after the December incident and for not revealing more details of an investigation, which concluded in April.
“This ‘disclosure’ amounts to no real disclosure at all, as it fails to inform Plaintiff and Class Members what information belonging to them was affected,” wrote attorney Thomas Pacheco of Maryland-based Milberg Coleman Bryson Phillips Grossman, on behalf of Foster.
It’s unclear if Lower originated a home loan with Foster. A representative for the lender and Pacheco did not respond to requests for comment Wednesday.
An unauthorized actor accessed Lower’s network and removed an unspecified number of files over a five-day period last December, the company said last month. An investigation with third-party forensic specialists also found suspicious activity related to some employee email accounts between Sept. 2 and Dec. 16.
The lender didn’t reveal further details of the type of attack or the person or entities responsible, and offered impacted customers 12 months of complimentary Experian fraud consultation and credit monitoring services. The lawsuit admonished Lower’s credit monitoring offer as the firm told impacted users to self-monitor their accounts and credit reports for up to two years.
Lower is the latest mortgage company to face a federal class action complaint over a hack. Two servicers, both subsidiaries of Florida-based Bayview Asset Management, face similar legal action over a cyberattack last fall affecting over 2.6 million users. Almost a dozen bank and nonbank lenders have disclosed data breaches that occurred last fall, although none have revealed the method nor the culprits.