Lower LLC Breach

Lower LLC is a fintech company that specializes in providing a range of mortgage and real estate services to customers. The company simplifies the home buying and refinancing process by leveraging advanced technology to deliver a seamless online experience. In recent years, personally identifiable information for approximately 86,000 of its customers was leaked in a breach.

In 2021, Lower claimed it identified unusual activity on its network and began an investigation with the assistance of third-party forensic specialists. The determination of the investigation revealed that an attacker accessed the Lower LLC network and removed some files from the company’s network in December 2021.

Lower's review revealed that names and social security numbers were leaked in the 2021 breach. Since the company stores information on its systems, such as date of birth, financial account number, and driver's license number, the company stated that this information may also have been on an involved system if provided to Lower.

As part of its commitment to the privacy of information in its care, Lower reviewed its existing policies and procedures, implementing additional safeguards to secure the information stored on its system further. Law enforcement and other regulatory authorities were informed about the breach as required by law. Also, affected individuals were required to take further steps to protect their personal information.

When Was the Lower LLC Breach?

Lower LLC stated that the unusual activity identified on its network occurred on December 14, 2021. On December 17, 2021, its investigation determined that a bad actor accessed the Lower network and accessed customers' information between December 10, 2021, and December 14, 2021. The investigation later identified suspicious activity related to some employee email accounts between early September 2021 and mid-December, 2021. 

How to Check If Your Data Was Breached

Lower LLC sent out notices to all affected persons in the 2021 breach in 2022. If you did not receive any such notification, you are likely to be unaffected by the breach.

What to Do If Your Data Was Breached

Lower LLC identifies specific steps to be taken if your data was leaked in the 2021 breach in the notification sent out in early 2022. The company recommends that affected customers enroll in credit monitoring. Lower offered a complimentary 24-month membership of Experian's IdentityWorks which offers identity detection and resolution to identity theft. In addition, you may change the passwords and security questions of your online accounts.

Also, Lower advised affected customers to monitor their accounts. Per United States law, a consumer qualifies for a free credit report yearly from the three top credit reporting bureaus (TransUnion, Experian, and Equifax). You can place a fraud alert on your credit file at no cost. If a fraud alert is on a consumer’s credit file, a business must take steps to verify the consumer’s identity prior to extending new credit. 

Are There Any Lawsuits Because of the Data Breach?

A leading data breach law firm (Turke & Strauss LLP) filed a class action litigation against Lower LLC in the United States District Court for the District of Maryland regarding the 2021 data breach.

A settlement was proposed in the class action to resolve the claims brought by Lower LLC customers affected by the breach. Impacted customers may be eligible for a cash payment of $00 or in lieu of a cash payment, reimbursement for ordinary losses (up to $2,500) or extraordinary losses (of up to $7,500) from the proposed settlement.

Can My Lower LLC Information Be Used for Identity Theft?

Due to the sensitive nature of the data leaked in the breach, your Lower LLC information can be used for identity theft. If you are a victim of identity theft, you can place a fraud alert on your account lasting seven years. If you want to place a fraud alert on your account, you can contact any of the three major credit reporting bureaus. 

What Can You Do to Protect Yourself Online?

Due to the volume of transactions and operations now conducted online, protecting oneself from data breaches has become necessary. Below are some proactive measures you can take to safeguard your information and protect yourself from attackers looking to steal and use your information for illicit purposes:

• Use unique and strong passwords for your online accounts. If you use common or simple passwords like 123456, it can easily guessed or unraveled in a brute-force attack.
• If possible, enable two-factor or multi-factor authentication protocols on your accounts. This will add an additional layer of security.
• Do not click links or attachments in unsolicited emails
• Do not give private personal or financial information to unknown persons
• Update your antivirus, operating system, and other online tools as frequently as possible. This helps protect you against vulnerabilities that may be exploited by cybercriminals
• Stay vigilant through frequent reviews of your account statements and monitoring of your free credit reports for suspicious activity
• Consider using a password vault to store your login credentials and randomly generate strong ones safely
• Do not reuse the same username or password on multiple accounts
• Do not provide personally identifiable information to any requester online or over the phone unless you contact them first.