Wholesale lender Nations Direct Mortgage will settle a class action suit resulting from a 2023 cyberattack that led to the leak of personal data belonging to more than 83,000 consumers.
The Henderson, Nevada-based business first began notifying victims and regulators in the months following a one-day cyber incident took place in late December 2023 . Following the data breach, the company encountered multiple lawsuits, with the estimated number of affected consumers across the U.S. totaling 83,108. Initial court filings reported the monetary amount of damages would exceed $5 million.
Under terms of the settlement, Nations Direct will reimburse each class member up to $2,750 for losses associated with the incursion, including any that led to fraud and identity theft. A subclass of California residents is also eligible for an additional payment of $75.
The lender also agreed to make available identity-monitoring services for up to 24 months, extending an initial similar offer made when it delivered the first notifications. The service includes $1 million in ID-theft insurance.
Nations Direct had not responded to a request for comment prior to publication.
In agreeing to settle, Nations Direct made no admission of fault or wrongdoing connected to the event, but plaintiffs alleged that the lender's failure to enact proper cybersecurity measures led to the data breach. Personal data that could be potentially compromised include Social Security numbers, birth dates and private
Source: https://www.nationalmortgagenews.com/news/nations-direct-agrees-to-settlement-over-2023-cyberattack
Nations Lending cybersecurity rating report: https://www.rankiteo.com/company/nationslending
"id": "NAT1764856794",
"linkid": "nationslending",
"type": "Cyber Attack",
"date": "12/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '83,108',
'industry': 'Mortgage/Lending',
'location': 'Henderson, Nevada, USA',
'name': 'Nations Direct Mortgage',
'size': None,
'type': 'Wholesale Lender'}],
'customer_advisories': 'Notified victims; offered '
'identity-monitoring services',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '83,108',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII)',
'type_of_data_compromised': ['Social Security '
'numbers',
'Birth dates',
'Private financial '
'data']},
'date_detected': '2023-12',
'description': 'Wholesale lender Nations Direct Mortgage settled '
'a class action suit resulting from a 2023 '
'cyberattack that led to the leak of personal '
'data belonging to more than 83,000 consumers. '
'The company faced multiple lawsuits after the '
'breach, with estimated damages exceeding $5 '
'million.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal data of 83,108 '
'consumers',
'downtime': '1 day',
'financial_loss': '$5 million (estimated damages)',
'identity_theft_risk': 'High (fraud and identity '
'theft reported)',
'legal_liabilities': 'Class action settlement',
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Settled',
'post_incident_analysis': {'corrective_actions': 'Settlement '
'includes '
'reimbursement '
'for losses and '
'identity-monitoring '
'services',
'root_causes': 'Alleged failure to '
'enact proper '
'cybersecurity '
'measures'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Class action settlement announcement',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Class action lawsuit',
'regulations_violated': None,
'regulatory_notifications': 'Yes '
'(notified '
'regulators)'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notified victims and '
'regulators post-incident',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Nations Direct Mortgage Data Breach Settlement',
'type': 'Data Breach'}