Parties agree to settlement over Countrywide data breach

A federal judge in Kentucky has granted preliminary approval to settle a class-action lawsuit relating to a data breach that pinned millions of Countrywide Financial customers against the mortgage company.

Last week's settlement, which still must undergo a final approval hearing, would provide free credit monitoring for up to 17 million people whose personal data was exposed, according to published reports. To be eligible, victims must have used Countrywide before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud.

A spokeswoman for Bank of America, which now owns Countrywide, did not respond to a request for comment on Tuesday.

Prosecutors have said the breach was orchestrated by Rene Rebollo Jr. of Pasadena, Calif., who was charged with exceeding authorized access to Countrywide's data, and Wahid Siddiqi of Thousand Oaks, who was accused of fraud. 

Rebollo and Siddiqi were accused of downloading information of 20,000 customers once a week for two years, then selling the identity batches to a third party for $500. According to public reports, Siddiqi pleaded guilty earlier this month, but Rebollo has pleaded innocent and is awaiting trial.

Some 35 lawsuits resulted from the breach before class-action status was granted, according to reports.