Planet Home Lending said in a notice to the Maine Attorney General’s Office last week that the hack exploited vulnerabilities in an information security system that Planet Home Lending purchased from technology company Citrix Systems. The breach occurred on November 15, 2023, and Planet Home Lending said it discovered the intrusion that day.
“Planet is able to determine with a reasonable degree of certainty that the threat actor accessed a read-only folder that stored copies of loan documents that contained some of the customer’s personally identifiable information,” the company said in a consumer notification dated Jan. 1. . twenty four.
The personally identifiable information leaked included customer names, addresses, SSNs, loan numbers and financial account numbers.
The lender said it does not expect to pay ransom to the perpetrators in line with industry guidance; it did not specify the ransom demand. The November hack was unrelated to an incident involving Planet Home Lending.
Neither the company nor the attorney who filed the Maine disclosure responded to requests for comment Monday.
The Citrix vulnerability was first discovered in August, and the technology company began releasing software updates in early October.
Planet Home Loans says
The lender claims there is no evidence data was misused and is offering affected consumers free credit monitoring and identity theft protection for 24 months through Experian’s IdentityWorks. It also offers up to $1 million in identity theft coverage, underwritten by American Bankers Insurance, a Florida company operated by Assurant.
Last year, Planet Home Lending originated more than $950 million in loans through September, according to S&P Global. The Meriden, Connecticut-based company had 179 secured mortgage originators at the end of last year and 35 branches nationwide, according to National Multistate Licensing System data. .
The latest disclosure is another significant breach by the mortgage lender.
Smaller lenders Premium Mortgage Corp. and United Home Loans were also recently exposed in the Maine data breach. Premium, a lender based in Rochester, N.Y., said 10,835 customers were affected by a hack in August; United, based in Western Springs, Ill., said 5,324 customers had their PII It was leaked in an incident in March 2023.