Customers of troubled mortgage lender Countrywide already have enough to worry about due to the collapse of the housing market and the lender's sale to Bank of America. Now they can add a new worry to the list--identity theft and fraud.
As many as 2 million Countrywide customers may be at risk thanks to a data breach that lasted for nearly two years, the Los Angeles Times reported yesterday. A former Countrywide employee was arrested on August 1 and charged with illegally accessing the lender's records to sell sales leads to mortgage brokers.
Countrywide confirmed that the breach had taken place, but company spokesman Rick Davis said that the figure of 2 million victims was "too high." The company nevertheless promised to provide two years of free credit monitoring to affected individuals through the ConsumerInfo.com division of the Experian credit bureau.
ConsumerAffairs.com has already received multiple complaints from Countrywide customers affected by the breach. Herschel from Acworth, Georgia wrote that "Countrywide informed me today that an employee of their's sold the customer info to a third party. They sold my name, address, SS# mortgage loan number and various other loan and application information."
Michael from Sicklerville, New Jersey also received a letter. "They offered to fix the situation by providing me a two year free subscription to ConsumerInfo.com, which is one of their vendors," Michael said. "I find this to be insufficient, and wonder if I can take any legal action against them."
Among those affected by the breach are 28,123 Connecticut customers of Countrywide. Attorney General Richard Blumenthal demanded written guarantees that Countrywide will compensate victims of the breach.
"Countrywide consumers justifiably want an explanation for a long-term security failure that enabled an employee -- undetected and uncontrolled -- to download sensitive information over an extended period of time," Blumenthal said.
Blumenthal's office previously sued Countrywide last month for allegedly pushing customers into expensive loans using deceptive marketing tactics, and charging excessive fees and penalties. California's Attorney General Edmund Brown also sued Countrywide over similar charges in June 2008.
Authorities also warned affected customers to place credit freezes on their accounts in addition to using the free credit monitoring. Thirty-nine states and the District of Columbia all have their own credit freeze laws, and the big three credit bureaus--Experian, Equifax, and Trans Union--recently rolled out credit freeze programs to cover customers in the remaining states.
This is not the first time Countrywide may have been involved in a potential data breach. Two years ago, ConsumerAffairs.com investigated the case of Joan Carpenter from Toms River, New Jersey, who received a letter stating that an employee of Countrywide had "disclosed documents" relating to her mortgage. Countrywide refused to comment on the incident, which remains unresolved.
