Planet Home Lending, LLC, reported a data breach resulting from a ransomware attack, exposing consumers’ sensitive information, such as names, addresses, Social Security numbers, loan details, and financial account numbers. The incident, detected on November 15, 2023, prompted swift action, with unauthorized access terminated, and third-party specialists engaged for investigation. The ransomware group, exploiting a vulnerability in Citrix Systems, Inc. software, accessed a folder containing customer loan information on November 28, 2023. Following a thorough review, breach notification letters were sent on January 24, 2024, to affected individuals, providing details on the compromised information.
Planet Home Lending’s immediate response involved containing the incident, terminating unauthorized access, and collaborating with data security specialists. The breach, attributed to a vulnerability in Citrix Systems, Inc. software, allowed the ransomware group access to a folder containing loan details for certain customers. Sensitive consumer data, varying by individual, included names, addresses, Social Security numbers, loan numbers, and financial account numbers. The company’s commitment to transparency was evident in the issuance of data breach letters on January 24, 2024, outlining the specific information compromised for each affected individual.
Founded in 2007, Planet Home Lending, LLC, headquartered in Meriden, Connecticut, specializes in residential home mortgages and refinances. With a workforce exceeding 1,200 employees, the company generates approximately $618 million in annual revenue. The recent data breach highlights the challenges faced by financial services companies in safeguarding consumer data, emphasizing the need for robust cybersecurity measures to protect against evolving cyber threats.
Planet Home Lending’s disclosure of the breach reflects its dedication to addressing and communicating cybersecurity incidents promptly. The breach notification letters sent to affected individuals aim to provide transparency about the compromised information, fostering trust and accountability in the aftermath of the cyber incident.
Reference:
