They were supposed to feel safe, after the sexual assault and the death threats that followed.

But a southern Minnesota mother and daughter felt their fear return when they opened the day’s mail and learned that their state-supported efforts to keep at bay a man who raped the young woman had been compromised by their mortgage lender.

Wells Fargo and one of its mortgage bankers in Mankato had mistakenly outed the family, which had sought refuge in the state’s Safe at Home victim protection program, according to a lawsuit filed Monday by the family.

The bank’s missteps began soon after the mother applied for a mortgage on a new home in November 2016, four months after the assault and while the defendant was out on bail, according to the suit, which was filed Monday in Blue Earth County District Court.

Mailings with the mother’s name on them from Wells Fargo and from others targeting her as a new homeowner soon began showing up at what was supposed to be a secret location, the suit alleges. “We had a plain envelope from Wells Fargo, and then I saw it had my mom’s name and our house address,” the young woman said in an interview Tuesday with the Star Tribune. “We were both really terrified knowing that something was done wrong on their end, and she contacted them immediately.”

Despite the repeated pleas, the identifying mailings “never stopped,” the daughter said. “We got junk mail addressed to us from places all around, and that’s when we knew they sold our information.

“It just made our fear escalate higher and higher.”

The suit contends that the mail from senders other than the bank “was a sign that [the family’s] information had been sold by Wells Fargo Home Mortgage to outside vendors.”

The family’s attorney, Randy Knutson, said Tuesday that “once vendors have the address … the name and address can often be located online. It has been released to the public, so to speak. Basically, if vendors have it, everyone may be able to access it.”

The suit accuses Wells Fargo and mortgage banker Nathan Olsen of breach of contract, negligence, invasion of privacy, negligent infliction of emotional distress and unjust enrichment. It seeks at least $50,000 and attorney fees.

The suit said the mother tried for more than five months to have the mailings stopped before Wells Fargo called in May 2017 and admitted to the breach and complied with the program’s requirements.

Olsen did not respond to messages left Tuesday at his Mankato office. Bank spokesman John Hobot said, “We are aware of the complaint and cannot comment further at this time.”

Secretary of State Steve Simon, whose office administers the Safe at Home program, said that “any breach of the extensive protocols in place to protect the identity and location of program participants is of grave concern. My office will continue to work with mortgage lenders to ensure that no person enrolled in Safe at Home is re-victimized by the unmasking of their physical address.”

‘Threatened to kill’

Violations of the program’s requirements could lead to misdemeanor prosecution, according to Simon’s office. Upon conviction, the maximum punishment per violation would be 90 days in jail and a fine of up to $1,000.

Ben Petok, a spokesman for the Secretary of State’s office, said it’s unusual for program participants to have their protected information mistakenly released, and he is unaware of charges ever being filed in the program’s 10-plus years.

About three dozen states have similar programs. Minnesota is among just a few that require not only government bodies but private industry to keep secret the participants’ identifying information.

The mother and her daughter, who is now 20 years old, enrolled in the Safe at Home program after “the alleged perpetrator threatened to kill [them] before they could testify,” according to a supplemental court filing.

In concert with enrolling, the two relocated roughly 30 miles away. Mail in their names is required to go to a post office box before being relayed by the state to the family’s new home without any residents’ names revealed. Wells Fargo received proper and timely notice from the state about how the mail was to be handled, the suit continued.

Other tactics designed to protect the mother and daughter include driving various routes home to avoid detection and not telling anyone their new address, the suit read.

Attacker served three months

Knutson, the family’s attorney, said the assailant was sentenced last fall after pleading guilty. “At sentencing, he was let out for time served of three months. So he is out and about, and still not happy with my clients,” Knutson said.

Knutson said his clients are unable to move again. The mother “doesn’t make enough money” to finance another move so soon, he said.

The Safe at Home program began in September 2007 and is open to survivors of domestic violence, sexual assault, stalking and those who otherwise fear for their safety, including law enforcement and judicial personnel. Roughly 8,000 people have been in the program since its inception, and there are about 2,800 people in it now, according to the Secretary of State’s Office.

Enrollees are given an identification card with their name, date of birth and a brief explanation of the program. The card allows participants to withhold their address under virtually any circumstance, even when in contact with law enforcement.

The young woman suing Wells Fargo said the changes she’s had to make in order to protect herself from her attacker were a bit bothersome at first, but “now it’s kind of second nature.”

She recalled when she called authorities one night to report that her neighbor’s house was on fire “and they asked me for my name, and I gave them my real name. And then they asked for my address, and I couldn’t tell them.”