On June 29, 2022, Lending Tree, LLC, an online lending marketplace based in based in Charlotte, North Carolina, reported a data breach to the Montana Attorney General’s Office.
According to the company’s Data Breach Notice, between mid-February, 2022 and sometime in June, 2022, “a code vulnerability likely resulted in the unauthorized disclosure of some sensitive personal information.”
Lending Tree discovered the “vulnerability” on June 3, 2022. It appears to have begun informing affected individuals on June 29, 2022.
In its Data Breach Notice Lending Tree states that “the vulnerability in the code no longer exists.”
The sensitive personal information that may have been accessed or acquired includes individuals’ full names, dates of birth, street address, and Social Security numbers (SSNs).
Lending Tree’s Notice provides no explanation as to what it means by a “code vulnerability,” how its data came to be taken, or by whom. There has been a media report that the data is now freely available on the internet, but, according to that report, Lending Tree has denied that the data circulating online originated with the company.
The full notice of data breach provided to the Montana Attorney General can be viewed here.
Lending Tree is offering affected individuals two years of complimentary identity monitoring services through IdentityForce. The deadline for enrollment in IdentityForce services is 90 days from the date of the letter.
