by Doug Pollack
The Los Angeles Times last week reported that Mortgage firm Countrywide, in response to alleged data breach, offers free credit monitoring.” They report that personal information including social security numbers have been stolen from over 2 million Countrywide mortgage applicants over a period fo some two years.
This situation highlights the risks to financial services firms with whom consumers regularly share their most personal and sensitive information. In this case, an employee of Countrywide was alleged to have accessed their computer systems in order to acquire applicant information in order to sell it to mortgage brokers and others.
The article also notes that:
“Two Countrywide customers sued the lender and its parent company last month in U.S. District Court in Los Angeles, accusing Countrywide and Bank of America of failing to protect customers’ sensitive information. The suit asks that it be certified as a class action.”
The potential for this type of litigation is beginning to motivate other firms who experience data breaches to provide a broader set of services to the potential victims of their breach, including insurance and identity theft restoration services. This can enable such an organization to minimize the damages that may occur to their consumers while giving them comfort that the organization is doing everything possible to help them.
Consumer Affairs has already received complaints from individuals affected by the breach who appear to be very dissatisfied with the response from Countrywide. “They offered to fix the situation by providing me a two year free subscription to ConsumerInfo.com, which is one of their vendors,” said Michael from Sicklerville, New Jersey. “I find this to be insufficient, and wonder if I can take any legal action against them.”
A recent study by the Ponemon Institute titled “Consumers’ Report Card on Data Breach Notification” notes that around a third of customers that receive a data breach notification letter plan to terminate their business relationship with their provider. They note that companies that have a breach and then notify their customers could do a much better job in addressing the real and perceived fears that people have associated with identity theft.