LendingTree Warns of Insider Password Heist

 
 
By Ryan Naraine  |  Posted 2008-04-23 Email Print this article Print
 
 
 
 
 
 
 

Credit Card Theft LendingTree, an IAC subsidiary that connects online borrowers with mortgage, credit card and auto loans, has suffered a major insider breach that exposed sensitive user files to lenders.

The company sent out e-mails to customers affected by the breach, warning that "several former employees may have taken Company passwords and given them to a handful of lenders."

LendingTree identified three lenders that received the stolen data and said lawsuits have been filed. The lenders are Newport Lending Group, of Irvine, Calif.; Home Loan Consultants Inc., of Newport Beach, Calif.; and Sage Credit Co., of Irvine, Calif.

The company did not say when the password heist occurred or how many customers were affected.

From a FAQ posted on the LendingTree Web site:

These lenders then used the passwords to access LendingTree customer information files, normally available only to LendingTree-approved lenders, to market loans to LendingTree's customers. The files contained loan request data such as name, address, email address, telephone number, Social Security number, income and employment information.

The company said no credit card information (account numbers or account balances) were involved in the data hijack.

"We have no evidence that any identity theft or consumer fraud has resulted from this situation," according to the LendingTree FAQ.

As StillSecure's Alan Shimel points out, this looks and smells like big-time corporate espionage.

* Photo credit: d70focus (Creative Commons 2.0).

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel