Borrowers are slamming yet another mortgage lender with class action lawsuits after it revealed a data breach last month.
Troy, Michigan-based Towne Mortgage did not say in a public notice how many of its customers were impacted in a June incident, in which a hacker may have copied data from its network. The attack compromised Social Security numbers and financial accounts and hit at least 474 Massachusetts residents, according to a Nov. 13 disclosure.
Cybersecurity blogs report the ransomware-as-a-service group Blackbyte took credit for the attack on the dark web, although Towne like most corporate victims did not provide further details. The sizable lender, which publicly reported $1.8 billion in origination volume last year, did not return requests for comment Tuesday.
In response to the incident, the company offered victims 24 months of complimentary credit monitoring services. Affected consumers immediately sued the company following its announcement, and the lender today faces seven class action claims in a Michigan federal court.
Borrowers accuse the lender of negligence
The complaints resemble the litigation typically filed against mortgage firms following such incidents. Minnesota borrower Thomas Stucky, in a Nov. 19 lawsuit in the U.S. District Court for the Eastern District of Michigan, accuses the independent mortgage bank of negligence and breach of fiduciary duty in failing to protect his personal identifiable information.
"This unencrypted, unredacted p
Source: https://www.nationalmortgagenews.com/news/towne-mortgage-faces-lawsuits-over-data-breach
Towne Mortgage cybersecurity rating report: https://www.rankiteo.com/company/townemortgage
"id": "TOW1764720251",
"linkid": "townemortgage",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'incident': {'affected_entities': [{'customers_affected': 'At least 474 '
'Massachusetts '
'residents, total '
'number unknown',
'industry': 'Financial Services',
'location': 'Troy, Michigan, USA',
'name': 'Towne Mortgage',
'size': 'Large (reported $1.8 billion in '
'origination volume in 2022)',
'type': 'Mortgage Lender'}],
'customer_advisories': 'Offered 24 months of complimentary '
'credit monitoring services',
'data_breach': {'data_encryption': 'Unencrypted (as per lawsuit)',
'data_exfiltration': 'Possible',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security '
'numbers',
'Financial '
'accounts']},
'date_detected': '2023-06',
'date_publicly_disclosed': '2023-11-13',
'description': 'Towne Mortgage, a Troy, Michigan-based mortgage '
'lender, experienced a data breach in June where '
'a hacker may have copied data from its network. '
'The attack compromised Social Security numbers '
'and financial accounts, affecting at least 474 '
'Massachusetts residents. The '
'ransomware-as-a-service group Blackbyte claimed '
'responsibility for the attack on the dark web. '
'The company offered affected victims 24 months '
'of complimentary credit monitoring services and '
'faces multiple class action lawsuits.',
'impact': {'brand_reputation_impact': 'Negative',
'conversion_rate_impact': None,
'customer_complaints': 'Multiple class action '
'lawsuits',
'data_compromised': 'Social Security numbers, '
'Financial accounts',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action lawsuits, '
'Potential regulatory fines',
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'motivation': 'Financial gain, Data exfiltration',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Possible',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': 'Blackbyte'},
'references': [{'date_accessed': None,
'source': 'Cybersecurity blogs',
'url': None},
{'date_accessed': None,
'source': 'Towne Mortgage public notice',
'url': None},
{'date_accessed': None,
'source': 'U.S. District Court for the Eastern '
'District of Michigan (Nov. 19 '
'lawsuit)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Class action '
'lawsuits',
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public notice, '
'Complimentary credit '
'monitoring services '
'offered',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Blackbyte',
'title': 'Towne Mortgage Data Breach and Ransomware Attack',
'type': 'Data Breach, Ransomware'}}