While financial services firm LendingTree has refuted involvement with a data breach that compromised 200,000 loan applications, it has confirmed the exposure of data from more than 70,000 customers as a result of a separate data breach in February, according to The Record, a news site by cybersecurity firm Recorded Future.
Exposed in the confirmed breach, which stemmed from a LendingTree code flaw, were individuals' names, addresses, birthdates, and Social Security numbers, said LendingTree Director of Communications Megan Greuling, who also said that nearly 700 clients have also been notified about a separate breach in November that resulted from an online personal loan interface vulnerability.
However, the 200,000 leak loan applications were found by LendingTree to have no matches with its consumer database.
"The threat actor who was selling the data set on the dark web must have mislabeled the data source accidentally or intentionally mislabeled the data set source for malicious intent, perhaps in an attempt to increase black market value," Greuling said.