Planet Home Lending Discloses Ransomware Attack
Company attributes cybersecurity breach to vulnerability in third-party vendor software; provides credit monitoring for affected customers.
Months after a ransomware attack that occurred on Nov. 15, 2023, Planet Home Lending is reporting the incident to nearly 200,000 customers and offering two years of credit monitoring and identity theft services.
In a letter filed with the Maine Attorney General's office dated January 25, the company blamed a third-party vendor for the vulnerability that allowed the incident to happen. The lender sent the same notice to customers affected by the recent data security incident the day prior.
"Planet was one of many companies around the world whose information security systems were compromised by the threat actor LockBit in connection with one of its recent global ransomware campaigns. The root cause of the incident was a vulnerability (which has been termed “Citrix Bleed”) existing in a software program that Planet purchased from Citrix Systems, Inc., a worldwide leader in technology solutions," the letter states. "While Planet had implemented multiple layers of security tools designed to prevent this type of unauthorized access, the threat actor was able to exploit this Citrix Bleed vulnerability to bypass these protections."
The personally identifiable information taken included customers' names, addresses, SSNs, loan numbers and financial account numbers.
The company tells customers that it immediately took action following the discovery of the breach.
"Upon learning of this incident, we promptly secured our environment, conducted a full forensic investigation to determine the nature and scope of the compromise, and notified the FBI. In accordance with the standard recommendation of the FBI and financial regulators, we have not paid, and do not anticipate paying, any ransom amount to the threat actor," the letter continues.
In recent months, four financial services companies — First American, Fidelity National Financial, Mr. Cooper, and loanDepot — have each disclosed separate incidents involving cybersecurity breaches and ransomware attacks. All four companies have notified government authorities and impacted parties.
Meanwhile, Connecticut-based Planet Financial Group, LLC, the parent company of Planet Home Lending, announced it ended the year with residential origination volume at $25 billion, down 5% from 2022. Mortgage servicing rights ended the year at $104.69 billion, up 42% from 2022.