Lawsuit blames Brighton-based Premium Mortgage for data breach

Listen to this article

An Indiana resident is the lead plaintiff in a class action lawsuit filed against Brighton-based Premium Mortgage Corp., alleging that the firm failed to protect personal data of clients and then waited months to inform potential victims of a security breach.

Cory Rehmsmeyer, through the law firm of Weitz & Luxenberg, P.C., contends an “unauthorized actor” gained access to Premium Mortgage email accounts in late August, but the company did not notify current and former clients of the breach until January.

The complaint, filed Monday in state Supreme Court in Monroe County, alleges that the breach exposed customer names, Social Security numbers, account numbers, bank account and routing numbers, and dates of birth.

The breach began on Aug. 24, when hackers bypassed security platforms on the Premium Mortgage computer system and accessed personal information, according to the lawsuit. The breach was detected seven days later.

As a result, “plaintiff and the proposed class have suffered and will continue to suffer damages, including monetary losses, lost time, anxiety and emotional distress,” the complaint says. The plaintiff and members of the class also will continue to suffer because of how information is bought and sold on the dark web.

Premium Mortgage notified clients in a letter dated Jan. 10 that suspicious activity involving its computer system had been detected, but that there was “no evidence of actual or attempted misuse” of customer information.

The letter also said the company worked with third-party cybersecurity experts to determine what data had been accessed. Free credit monitoring was offered and recipients of the letter were urged to be vigilant looking for signs of identity theft and fraud.

The complaint, who had a mortgage through Premium Mortgage customer from 2021 to 2023, contends stolen personal information is “one of the most valuable commodities on the criminal information black market” and that it can victims years to spot identity or personal information theft, “giving criminals plenty of time to use that information for cash.”

While Premium Mortgage said in its letter that the suspicious activity was discovered on Aug. 31, the plaintiff says he didn’t receive letter of notification until Jan. 18.

“Defendant’s failure to properly notify plaintiff and members of the proposed class of the date breach exacerbated plaintiff and members of the proposed class’s injury by depriving them of the earliest ability to take appropriate measures” to protect their personal information and mitigate possible harm.”

Mortgage companies have been the target of recent cyberattacks. Mr. Cooper data was breached in October, Planet Home reported a hack in November and loanDepot announced it was hit earlier this month. Class action suits have been filed against Mr. Cooper and loanDepot, and at least two law firms are investigating the Planet Home breach.

[email protected]/(585) 653-4020