KeyBank, mortgage insurance firm sued over data breach

A consumer is accusing KeyBank and a mortgage insurance firm of negligence after a recent data breach compromised clients’ mortgage account information and Social Security numbers. 

Daniel Bozin, the executor of an Ohio borrower’s estate, on Tuesday filed a class action suit against the depository and Overby-Seawell Co. in the U.S. District Court for the Northern District of Ohio Eastern Division. KeyBank last week disclosed a hack at OSC, which the bank said provides ongoing verification of residents’ property insurance coverage.

OSC’s July 5 network breach exposed personally identifiable information, mortgage and insurance data and the first eight digits of Social Security numbers from an unspecified number of consumers, KeyBank disclosed in notices sent to the offices of attorneys general in four states. 

“The plaintiff is very concerned about identity theft and we are still investigating the full scope of the personal information that was stolen,” said Brian Flick of Lakewood, Ohio-based DannLaw, on behalf of Bozin, in a statement Thursday. 

The unauthorized party gained remote access to OSC’s network but not KeyBank’s own network, the bank said in its disclosures. OSC is still investigating the incident with the aid of third-party cybersecurity experts, and at least 7,002 consumers have been impacted by the breach, according to notices in California, Massachusetts, Montana and Texas. 

“OSC has reported this matter to law enforcement and we are working to make sure that enhanced measures are in place to protect our data,” said KeyBank in a statement Thursday. “We take this matter very seriously and have notified all affected individuals.” 

The depository offered impacted customers complimentary two-year membership to an Equifax identity protection support program. Representatives for Kennesaw, Georgia-based OSC didn’t respond to requests for comment.

The lawsuit seeks an amount in controversy exceeding $5 million and injunctive relief including monitoring of both companies’ security practices. Bozin is the executor of the estate of Aurora Murgu, who had a home loan on a Westlake, Ohio property originated and/or serviced by the depository, according to the lawsuit.

KeyBank originated $3.2 billion in consumer mortgages in the second quarter, an increase from $2.6 billion in the prior quarter, according to its latest earnings report. Its performance was a step down from the $3.7 billion it originated in the second quarter last year. 

It’s the most recent mortgage lender to report a cyberattack this year and the latest to face a lawsuit for allegedly failing to protect consumers’ information. Flagstar Bank and Lower are facing similar class action complaints from consumers, while Bayview Asset Management confronts a larger suit from some of the over 2.6 million customers impacted by servicing hacks.

This year, at least 79 financial services companies have reported costly data breaches impacting 1,000 customers nationwide or more, according to data from the Maine Attorney General’s Office.

Comments are closed.