Data breaches are quietly plaguing more lenders as their impacted customers continue to seek recourse via class action lawsuits. 

Virginia-based McLean Mortgage is facing four federal complaints after it revealed that the personal identifiable information of 30,453 of its customers was compromised in an October incident. The company, which disclosed the results of an investigation last month, appears to have gone out of business last year. 

Like other firms responding to breaches, McLean shared few details of the incident, and offered victims 12 months of complimentary credit identity monitoring services. Plaintiffs, who say they’re seeking over $5 million in damages, are seeking to consolidate their claims. 

The Fairfax, Virginia-based lender hasn’t had an active origination license this year and voluntarily surrendered licenses in its home state last October, weeks after the date of the reported hack, according to Nationwide Multistate Licensing System records. The lender, which in past years had exceeded $1 billion in annual origination volume, saw a large portion of its workforce move to American Pacific Mortgage in 2023. 

Attorneys for the two sides didn’t respond to requests for comment Wednesday. 

New American Funding fires vendor which suffered a hack

The large lender and servicer earlier this month said an unspecified number of its customers may have had their PII exposed in an incident at one of its vendors. The company said it immediately investigated a report on June 6 of a possible disclosure of customer data at Mobile Notary Zone, and has since received little information from the company about what happened. 

In a statement Wednesday, the company explained it used MNZ in the past to obtain signatures from customers on loan documents necessary for closing. The lender notified any customer whose personal information was previously provided to the firm. 

“At New American Funding, we are committed to maintaining the trust and confidence of our customers and will continue to take steps to prevent such incidents in the future,” the statement read.

In a disclosure to a California regulator, NAF said it immediately terminated the services provided by MNZ.

At least 400 consumers were affected, according to separate notices in Massachusetts and Oregon. Pennsylvania resident Ryan Marton, who filed a similar data breach claim against NAF last week, suggested the number of consumers impacted is believed to be in the thousands. 

An attorney for Marton didn’t return requests for comment Wednesday. 

The average cost of a data breach is rising

The notices come months after two more lenders revealed cybersecurity incidents, including a ransomware attack at Pacific Residential Mortgage. The Oregon-based company, which formally merged with Go Mortgage earlier this year, is also facing two class action lawsuits over the incident. 

Companies facing similar litigation have reached settlements with consumers in recent years between six to eight figures. The overall cost to respond to such incidents is also rising, according to a new report from IBM. 

Average breach costs in the U.S. reached $10.22 million this year, the technology giant found. Higher regulatory fines and detection and escalation costs contributed to the rising mark, as the overall global average cost of a data breach fell for the first time in five years.