LendingTree insiders leak customer data

LendingTree insiders leak customer data

Summary: LendingTree, an online loan referral service owned by IAC, has informed select customers that their confidential data has been leaked to "a handful of lenders" by company insiders.An email to customers that may have been impacted by the breach refers folks to an FAQ that's basically hidden on the LendingTree site.

SHARE:

LendingTree, an online loan referral service owned by IAC, has informed select customers that their confidential data has been leaked to "a handful of lenders" by company insiders.

An email to customers that may have been impacted by the breach refers folks to an FAQ that's basically hidden on the LendingTree site. You can't find the FAQ from LendingTree's home page and it's not listed in its FAQ section. Meanwhile, the FAQ doesn't tie up all the loose ends such as the date of the incident either.

Here's what LendingTree has to say about the matter:

Recently, LendingTree learned that several former employees may have taken Company passwords and given them to a handful of lenders. These lenders then used the passwords to access LendingTree customer information files, normally available only to LendingTree-approved lenders, to market loans to LendingTree's customers. The files contained loan request data such as name, address, email address, telephone number, Social Security number, income and employment information.

LendingTree adds that its internal security team found the breach and reported it to authorities. But the amount of data handed over is jarring. On the bright side, LendingTree noted that no credit card information was leaked. But that's small comfort since the breach leaked all the information a crook would need to start a credit card anyway.

For remediation, LendingTree noted that it has enhanced its security and sued the lenders and people involved with the leak. Specifically, LendingTree sued Newport Lending Group, Irvine, Calif; Home Loan Consultants, Inc., Newport Beach, Calif.; and Sage Credit Company, Irvine, Calif.

To date, LendingTree sayd it has "no reason to believe any identity theft or fraudulent financial activity resulted from this situation." It adds:

You still might want to get a free credit report and file a fraud alert with the credit bureaus. When you get your credit report, look for any accounts you didn't open and/or inquiries from creditors that you didn't initiate. If you see anything you don't understand, contact the credit bureau.

Memo to LendingTree: You may want to foot the bill for some credit monitoring.

Topics: Collaboration, Banking, Government, Government US, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • So Lending Tree is suing them

    What is the recourse for the victims? If Lending Tree gets rewarded damages, do the victims have to sue Lending Tree to get damages? After all, the accessing of the personal information can't be undone, but Lending Tree can beef up their security.
    Taz_z
    • good question

      I have emails/calls into lending tree as of this am. No luck yet though.
      Larry Dignan
    • RE: LendingTree insiders leak customer data

      It's sooooooooo cute! I'm giggling like crazy. <a href="http://www.replicawatches.me.uk">replica watches</a>
      lovedong
  • Sure we can trust "the cloud"

    Don't think so...
    No_Ax_to_Grind
    • RE: Sure we can trust "the cloud"

      [b]Ya, right?!???[/b]

      For some reason, the "cloud' just burst, and its raining.

      [b]Now, I have to wonder' [i]"Why is the rain [u]brown[/u] and [u]yellow???[/u]"[/i][/b]

      Looks like Lending Tree insiders just p----d and s--t all over their customers.
      fatman65535
  • BS

    Thanks for nothing Lending Tree. They like most companies recommend fraud alerts because they're free to them. Nevermind that they don't actually help!

    If they had any integrity, they would recommend and pay for credit freezes for their customers. Credit freezes are the ONLY thing that currently will PREVENT Id theft from happening.

    http://www.jeremyduffy.com/top-issues/credit-security-freezes/
    JeremyDuffy
  • RE: LendingTree insiders leak customer data

    Solidcore recently published the results of a survey that is an interesting read (http://www.solidcore.com/learn/pci_report.html). Most IT heads feel that the cost of complying with regulations like PCI is far less than the cost of a breach.
    AnalystPCI