A data breach allegedly affecting thousands of customers has spurred legal action against consumer lender 1st Franklin Financial Corp.

The Toccoa-based institution was negligent in handling reams of private information and was sluggish in its response to discovering the breach, according to at least three lawsuits filed in recent weeks in U.S. District Court for the Northern District of Georgia.

Officials at 1st Franklin Financial, including Virginia Herring, its chief executive, did not respond to repeated requests for comment. The company, which is not a bank, operates about 340 branches in states across the Southeast. It provides short-term loans at high interest rates, mortgages and also offers some investment products for sale.

The breach was first discovered by the company in November, according to plaintiffs who filed the lawsuits. Access to the company’s database potentially led to theft of Social Security numbers, bank account information, names, addresses and other data connected to customers, according to the filings.

That kind of personal information is commonly sought by criminals who use it in identity theft and other scams.

Consumers who have been alerted to the potential loss of such data must spend significant time and money monitoring credit reports and ratings, as well as their bills, to prevent or stop scams and may still be subject to criminal activity, said a filing by attorneys for Joshua Allen, an Alabama resident. “The ramifications of defendant’s failure to keep secure the (personal information) are long-lasting and severe.”

Other lawsuits were filed by Mark Dunn, also of Alabama, and William Moreland, a Georgia resident. Attorneys for the three plaintiffs have asked the court to combine their claims into one class action suit that would include all 1st Franklin Financial customers affected.

High-profile data breaches have hit a number of U.S. companies in recent years, including Atlanta-based Equifax, Facebook and Microsoft.

The 1st Franklin breach was discovered in mid-November, the plaintiffs say, citing from what they say is a notification from the company to customers.

However, 1st Franklin Financial did not even begin sending out that notice to its customers until January. Additionally, some customers were not informed until mid-February, the lawsuits said.

During the weeks or months before they received notice of the breach, customers would not have had any reason to take protective action.

Moreover, the company’s notice to customers did not provide information about the cause of the breach, the vulnerabilities that the hackers had exploited or the “remedial action” that the company had used to prevent such an incident from occurring again, according to Allen’s suit.

“This ‘disclosure’ amounts to no real disclosure at all, as it fails to inform with any degree of specificity,” the lawsuit said.

The lawsuits ask that the court issue an injunction that would force 1st Financial to take action against hackers and prevent a similar breach. The suits also ask the court to award the plaintiffs damages, but do not name a dollar figure.


How to protect yourself

File taxes early. “Filing your taxes early, is one of the best ways to protect yourself from tax identity theft,” according to the office of the Georgia Attorney General. “After a breach, a scammer may commit tax identity theft by using your Social Security number to file a tax return and steal your tax refund.”

Place a fraud alert on your account. Contact the credit reporting agencies to do so. That forces businesses to verify your identity before issuing new credit in your name. The fraud alert stays on your account for one year.

Freeze your credit. Many experts say to do that even before you hear of a data breach, since it makes identity theft extremely difficult.

To place a security freeze, you’ll have to contact each of the three credit reporting agencies.

Equifax.com, 1-888-766-0008

Experian.com, 1-888-397-3742

TransUnion.com, 1-800-680-7289

Monitor credit cards and bank accounts. Check regularly for any charges you do not recognize. If you suspect that your cards are being misused, contact the financial institution to report it and have replacement cards issued.

Cancel any cards or accounts that have been compromised.

Be very careful about giving out your Social Security number. According to the Federal Trade Commission: “Some organizations need your Social Security number to identify you. Those organizations include the IRS, your bank, and your employer. Organizations like these that do need your Social Security number won’t call, email, or text you to ask for it.”

Be wary with our online passwords. Don’t use easily guessed logins and change your passwords if you suspect your data has been compromised.

Collect mail every day. Place a hold on your mail when you are away from home for several days.

Visit identitytheft.gov to report any fraud and get instructions on actions to take.

Sources: Office of the Georgia Attorney General, Federal Trade Commission, USA.gov

___________________________________