LendingTree insiders leak customer data

Summary:LendingTree, an online loan referral service owned by IAC, has informed select customers that their confidential data has been leaked to "a handful of lenders" by company insiders.An email to customers that may have been impacted by the breach refers folks to an FAQ that's basically hidden on the LendingTree site.

LendingTree, an online loan referral service owned by IAC, has informed select customers that their confidential data has been leaked to "a handful of lenders" by company insiders.

An email to customers that may have been impacted by the breach refers folks to an FAQ that's basically hidden on the LendingTree site. You can't find the FAQ from LendingTree's home page and it's not listed in its FAQ section. Meanwhile, the FAQ doesn't tie up all the loose ends such as the date of the incident either.

Here's what LendingTree has to say about the matter:

Recently, LendingTree learned that several former employees may have taken Company passwords and given them to a handful of lenders. These lenders then used the passwords to access LendingTree customer information files, normally available only to LendingTree-approved lenders, to market loans to LendingTree's customers. The files contained loan request data such as name, address, email address, telephone number, Social Security number, income and employment information.

LendingTree adds that its internal security team found the breach and reported it to authorities. But the amount of data handed over is jarring. On the bright side, LendingTree noted that no credit card information was leaked. But that's small comfort since the breach leaked all the information a crook would need to start a credit card anyway.

For remediation, LendingTree noted that it has enhanced its security and sued the lenders and people involved with the leak. Specifically, LendingTree sued Newport Lending Group, Irvine, Calif; Home Loan Consultants, Inc., Newport Beach, Calif.; and Sage Credit Company, Irvine, Calif.

To date, LendingTree sayd it has "no reason to believe any identity theft or fraudulent financial activity resulted from this situation." It adds:

You still might want to get a free credit report and file a fraud alert with the credit bureaus. When you get your credit report, look for any accounts you didn't open and/or inquiries from creditors that you didn't initiate. If you see anything you don't understand, contact the credit bureau.

Memo to LendingTree: You may want to foot the bill for some credit monitoring.

Topics: Collaboration, Banking, Government, Government : US, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.