By Jennifer Bjorhus

Apr. 23, 2008 (McClatchy-Tribune Regional News delivered by Newstex) --
LendingTree, the popular online lending exchange, is contacting customers nationally about a security breach involving loan request forms submitted on the Web from late 2006 through early this year.

According to an alert LendingTree e-mailed a Twin Cities customer Monday, former LendingTree employees slipped passwords to a handful of mortgage lenders to access customer files. The files contained names, addresses, telephone numbers, Social Security numbers, employment and incomes, but not credit card numbers, the April 21 notice said.

LendingTree, based in Charlotte, N.C., won't say how many customers the breach involved, but said it has tightened its system security and sued three California companies in connection with the incident: Sage Credit Co. and Newport Lending Group in Irvine, and Home Loan Consultants Inc. in Newport Beach.

Quentin Caruana, president of Sage Credit, said he was aware of the lawsuit but hasn't been served yet and didn't want to discuss it. The other two companies did not respond to messages.

LendingTree advised customers to get a copy of their credit reports, look for any accounts they didn't open, or any inquiries from creditors they didn't initiate, and report any fraud to the credit bureau. It said it doesn't think the breach led to identity theft or fraud but suspects that unauthorized mortgage companies might have used the personal information to solicit loans.

Such information security breaches are all too common and

mortgage companies aren't immune, said Linda Foley, founder of the nonprofit Identity Theft Resource Center in San Diego. Foley's group culls reports of paper and electronic security violations from media reports, Attorneys General offices and Web sites such as PogoWasRight.org, a privacy Web site.

"We post a breach list every Tuesday morning; it's at 205 since the beginning of this year," said Foley.

Foley said the number of reports has jumped dramatically in just the last month. Her group tallied 446 reports for all of last year.

Alec Grebis, senior loan officer at Cornerstone Mortgage Co. in Burnsville, who has a customer who received the breach alert, said he's skeptical the information may only have been used by mortgage companies to call on customers. When he realized the notice involved Social Security numbers, he took notice, he said.

"It would probably have more value to an identity theft ring than a mortgage company," Grebis said.

LendingTree is a subsidiary of Internet conglomerate IAC (OTCBB:IACPP) (NASDAQ:IACI) /Interactive Corp. in New York, owner of TicketMaster and HSN, the home shopping network.

Jennifer Bjorhus can be reached at 651-228-2146.

Newstex ID: KRTB-0190-24715537