AmeriFirst Financial, Inc. faces a proposed class action over a more than weeklong December 2020 data breach that reportedly compromised the personal information of more than 100,000 customers.
The residential mortgage loan provider has, according to the 25-page lawsuit out of Arizona, failed to adequately protect customers’ personal information and exposed the individuals to a heightened risk of identity theft and fraud.
“The information exposed by AmeriFirst is a virtual goldmine for phishers, hackers, identity thieves and cyber criminals,” the complaint states, calling the breach “tremendously problematic.”
AmeriFirst, which provides “a full range of home loans” that include conventional, FHA, VA, USDA Rural Development, FHA Standard and Limited 203(k) Home Improvement loans, discovered in April 2021 that an unauthorized party had accessed the company’s electronic data storage system from December 2 to December 10, 2020, according to the suit. The lawsuit says customers’ names, Social Security numbers, driver’s license numbers, bank account numbers, passport details and other government-issued identification cards and data were among the information compromised in the breach.
Per the lawsuit, the breach was a result of AmeriFirst’s failure to employ “reasonable and appropriate measures” to protect customers’ private information, including by complying with Federal Trade Commission data security requirements. The suit claims that although the defendant had the resources necessary to prevent the breach, it nevertheless failed to do so.
“Had Defendant remedied the deficiencies in its data security systems and adopted security measures recommended by experts in the field, it would have prevented the intrusions into its systems and, ultimately, the theft of [personally identifiable information],” the lawsuit contends.
The consequences of the data breach for AmeriFirst’s customers are “long lasting and severe,” the lawsuit argues, stressing that the fraudulent use of their information may continue “for years.” Thus, the defendant’s offer of one year of identity monitoring services is “woefully inadequate” given “the worst may be yet to come,” the case says.
Moreover, the complaint claims the risk of fraud faced by customers was further increased by AmeriFirst’s failure to timely detect and send notice of the breach to those affected. Per the case, customers were not notified that their information had been compromised until four months after the breach occurred, robbing them of an opportunity to “promptly mitigate potential adverse consequences,” the suit says.
The lawsuit looks to represent anyone in the U.S., with a proposed subclass of Arizona residents, who is a customer of AmeriFirst or an affiliate, parent or subsidiary of the company and had their personally identifiable information compromised as a result of the December 2020 data breach.