|
|
| Financial information for 200,000 people, including 60,000 with active mortgages, has been stolen from a Texas-based loan servicer — landing the company in court.The story began late this summer when thieves broke into Litton Loan Servicing’s office in Atlanta and stole computer and telephone equipment. The computer equipment contained customers’ names, addresses and Social Security numbers.
The lawsuit, filed recently in Ohio’s state court, alleges that more than 4,000 customers in Ohio, Kentucky and Indiana were affected by the break-in. The plaintiff’s also claim that, although the theft occurred in August, Litton’s customers weren’t notified until late September. But Litton said that, while law enforcement authorities were immediately notified, it took the company some time to rebuild the stolen database and to determine what type of notification to provide to its customers. Many of the loans were Provident Bank loans that were sold to Litton last year. “We think it is unlikely that it would be accessed,” said Larry B. Litton, Jr., Litton’s chief operating officer. “We don’t even know if the person who stole the equipment even knows what was on the hardware.“ Litton said the amount of time that it took for the company to notify its customers was reasonable because the time allowed for investigation and research, including the hiring of a private detective. “I would have loved to have been able to send out the notices sooner but the problem would have been that might have been irresponsible to send information to customers whose information was not taken,” he explained. The lawsuit says the loan servicer should have protected the information by encrypting it. But, stressing that the information was password-protected, Litton says there is no law in place requiring encryption; according to some, the safest means of protecting such information. He said that customers’ personal information will be encrypted by the end of this year. However, Colleen Hegge, an attorney with the Cincinnati-based firm handling the case, said that a variety of state and federal laws require companies to do more than password-protect such data. Litton said that he is not aware that any other lawsuits have been filed. Hegge said she will be filing a lawsuit in Kentucky’s state court at the end of this week. The suit asks that Litton establish a credit monitoring program at Litton’s expense and that the company establish new security measures, policies and procedures designed to protect the unauthorized disclosure of personal information of the members of the lawsuit, and for compensatory and punitive damages and the costs and expenses associated with the lawsuit. Asaf Buchner, an associate analyst with New York City-based Jupiter Research, said, “There is an obligation for financial service companies to protect their customers’ information and there is legislation pending in the Senate dealing with this particular issue.” He said there is a guidance put out by the Federal Financial Institutions Examination Council that requires financial service companies to go beyond simply password-protecting accounts and to use stronger measures such as biometrics to protect financial data. The council was established in 1979 to prescribe uniform standards and to promote uniformity in the supervision of financial institutions. |
|
|
Lisa D. Burden is a legal analyst for MortgageDaily.com and holds a law degree from the University of Maryland. She is currently a freelance journalist who previously wrote for Institutional Investor publications and the Baltimore Daily Record. e-mail Lisa at: burdenlisa@yahoo.com |
