Skip to main content

Planet Home Lending Discloses Ransomware Attack

Jan 31, 2024
cybesecurity
News Director

Company attributes cybersecurity breach to vulnerability in third-party vendor software; provides credit monitoring for affected customers.

Months after a ransomware attack that occurred on Nov. 15, 2023, Planet Home Lending is reporting the incident to nearly 200,000 customers and offering two years of credit monitoring and identity theft services.  

In a letter filed with the Maine Attorney General's office dated January 25, it blamed a third-party vendor for the vulnerability that allowed the incident to happen. The lender sent the same notice to customers affected by the recent data security incident the day prior. 

"Planet was one of many companies around the world whose information security systems were compromised by the threat actor LockBit in connection with one of its recent global ransomware campaigns. The root cause of the incident was a vulnerability (which has been termed “Citrix Bleed”) existing in a software program that Planet purchased from Citrix Systems, Inc., a worldwide leader in technology solutions," the letter states. "While Planet had implemented multiple layers of security tools designed to prevent this type of unauthorized access, the threat actor was able to exploit this Citrix Bleed vulnerability to bypass these protections."

The personally identifiable information taken included customers' names, addresses, SSNs, loan numbers and financial account numbers. 

The company tells customers that it immediately took action following the discovery of the breach. 

"Upon learning of this incident, we promptly secured our environment, conducted a full forensic investigation to determine the nature and scope of the compromise, and notified the FBI. In accordance with the
standard recommendation of the FBI and financial regulators, we have not paid, and do not anticipate paying, any ransom amount to the threat actor," the letter continues. 

In recent months, four financial services companies — First American, Fidelity National Financial, Mr. Cooper, and loanDepot  — have each disclosed separate incidents involving cybersecurity breaches and ransomware attacks. All four companies have notified government authorities and impacted parties.

Meanwhile, Connecticut-based Planet Financial Group, LLC, the parent company of Planet Home Lending, announced it ended the year with residential origination volume at $25 billion, down 5% from 2022. Mortgage servicing rights ended the year at $104.69 billion, up 42% from 2022. 

About the author
Christine Stuart is the news director at NMP.
Published
Jan 31, 2024
High Home Prices Not Translating To Higher Seller Profits

Average profit margins decline for second year in a row, with Florida sellers hit hardest

Jan 23, 2025
Cash And Desperation To Drive Home Sales This Year

Fannie Mae lowered its 2025 originations forecast by 2.5%, and total home sales forecast by 2.25%, this week.

Jan 23, 2025
Spiking Escrows Shock Unsuspecting Borrowers

One-third of typical mortgage payment now made up of taxes and insurance

Jan 22, 2025
As Home Prices Keep Climbing, Rental Affordability Grows

Affordability gap between renting and buying "is likely to widen further in 2025"

Jan 22, 2025
Mortgage Applications Subdued As Rates Climb

MBA's Fratantoni says economic data likely to keep rates 'steady at these levels'

Jan 22, 2025
Rent Growth Sees "Smallest Increase In Years"

Single-family home rents barely grow in 2024, up only 0.8%

Jan 21, 2025