Loan broker reveals breach
Five Southern California home lenders improperly tapped into the personal financial information of some customers seeking loans through LendingTree Inc., according to a lawsuit filed this week by the Internet mortgage broker.
The suit, filed Monday in Orange County Superior Court, alleges that two former executives of LendingTree, which matches prospective home buyers with lenders, swiped customer passwords and gave the lenders unauthorized access to consumer information.
The former executives were not named as defendants in the suit.
LendingTree sent letters Monday to some of its customers alerting them to the potential identity theft. The letter was sent to customers who submitted loan-qualification data between October 2006 and early this year. It recommends that they obtain a free copy of their credit report and check for any suspicious activity.
LendingTree, a unit of IAC/InterActive Corp., declined to say how many warnings it sent out. But one person familiar with the case said anyone who had used the site during the period of improper access was warned. That could be millions of people, based on the 23 million applications the company says it has processed since 1998.
Named as defendants in the lawsuit are Newport Lending Corp., related company Southern California Marketing, Sage Credit Co., Chapman Capital Inc. and Home Loan Consultants. LendingTree accuses the firms of computer fraud and of using consumer records -- including Social Security numbers and income and employment information -- to offer loans to its customers.
Sage President Quentin Caruana said he hadn’t seen the suit and wasn’t sure of the allegations. The others didn’t return calls or could not be reached.
The suit claims that former LendingTree Vice President Jarrod Beddingfield and former Senior Vice President David Anderson recorded the passwords of employees and outside lenders that were authorized to access LendingTree customers’ data.
LendingTree said it believed that Newport Lending or Southern California Marketing paid Beddingfield and Anderson for the passwords, then sold them, or the consumer information obtained with them, to the three other companies.
Beddingfield and Anderson could not be reached for comment.
LendingTree said it had no evidence that the defendants had used the information for purposes other than to offer loans. It said its security staff was working with authorities to investigate the breach.