Parties agree to settlement over Countrywide data breach

Share this article:

A federal judge in Kentucky has granted preliminary approval to settle a class-action lawsuit relating to a data breach that pinned millions of Countrywide Financial customers against the mortgage company.

Last week's settlement, which still must undergo a final approval hearing, would provide free credit monitoring for up to 17 million people whose personal data was exposed, according to published reports. To be eligible, victims must have used Countrywide before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud.

A spokeswoman for Bank of America, which now owns Countrywide, did not respond to a request for comment on Tuesday.

Prosecutors have said the breach was orchestrated by Rene Rebollo Jr. of Pasadena, Calif., who was charged with exceeding authorized access to Countrywide's data, and Wahid Siddiqi of Thousand Oaks, who was accused of fraud. 

Rebollo and Siddiqi were accused of downloading information of 20,000 customers once a week for two years, then selling the identity batches to a third party for $500. According to public reports, Siddiqi pleaded guilty earlier this month, but Rebollo has pleaded innocent and is awaiting trial.

Some 35 lawsuits resulted from the breach before class-action status was granted, according to reports.

"We look forward to completion of the settlement," Ben Barnow, a Chicago attorney representing the plaintiffs, told SCMagazineUS.com on Tuesday. He declined to comment further.
Share this article:

Sign up to our newsletters

More in News

Report: SQL injection a pervasive threat, behavioral analysis needed

Report: SQL injection a pervasive threat, behavioral analysis ...

Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.