2026
Jun 2026 · Mortgage lender · Southern California
Optimum First Mortgage
A ransomware group claimed a mid-June 2026 attack on the Southern California lender and access to a large volume of data. Security analytics platforms estimated about 9.3 terabytes were compromised — a figure the company disputed based on its internal review, which it said found no evidence its loan origination and application systems were infiltrated. Within weeks, Optimum First faced a proposed consumer class action alleging negligence, including that the exposed data was not properly encrypted.
What reduces this risk: encryption of stored customer data so exfiltrated files are unintelligible, ransomware-resilient offline backups, multi-factor authentication and least-privilege access, and a documented, tested incident-response and breach-notification plan.
Source: National Mortgage News →
2025
Aug 2025 · Mortgage lender · New Jersey (22 states)
NJ Lenders Corp.
An unauthorized party accessed NJ Lenders' network on August 18, 2025; the company confirmed on September 12 that personal information may have been exposed — names, Social Security numbers, driver's license numbers, dates of birth, and financial account information. The breach was reported to the Maine, Massachusetts, and Vermont attorneys general.
What reduces this risk: multi-factor authentication, network segmentation, continuous monitoring to shorten attacker dwell time, and encryption of retained applicant records.
Source: Claim Depot (state AG filings) →
Jul 2025 · Non-bank lender · Irvine, CA
American Lending Center
A ransomware attack on the lender's internal network exposed personal information — including names, dates of birth, and Social Security numbers — for about 123,158 people. The incident was detected in July 2025, but the investigation was not completed until April 2026, delaying notifications.
What reduces this risk: multi-factor authentication, network segmentation, ransomware-resilient (offline) backups, and faster detection and breach-notification processes.
Source: California Attorney General →
Jun 2025 · Mortgage lender · Virginia
McLean Mortgage Corporation
McLean Mortgage notified state regulators and about 30,453 individuals of a data breach that exposed personal and financial information, including Social Security numbers and account numbers. Notifications began in June 2025, filed with the Maine, Massachusetts, New Hampshire, and Vermont attorneys general.
What reduces this risk: multi-factor authentication on email and systems, encryption of stored loan files, phishing-resistant controls, and prompt breach detection.
Source: Claim Depot (state AG filings) →
Mar 2025 · Mortgage lender · California
Intelliloan, Inc.
The RansomHub ransomware group claimed a March 2025 attack on Intelliloan's network that exposed a broad set of personal data — names, addresses, Social Security numbers, driver's license and government ID numbers, financial account numbers, and dates of birth. Breach notices were filed with the California, Texas, and Massachusetts attorneys general.
What reduces this risk: ransomware-resilient backups, endpoint detection and response (EDR), least-privilege access, and rapid containment and notification.
Source: Cybernews →
2024
Jan 2024 · Mortgage lender · Nationwide
LoanDepot
A ransomware attack attributed to the ALPHV/BlackCat group exposed sensitive data — names, dates of birth, and Social Security numbers — for roughly 16.9 million customers, and disrupted origination and servicing operations. The company reported incident-related costs approaching $27 million.
What reduces this risk: endpoint detection and response (EDR), network hardening, tested offline backups, and an incident-response plan that includes regulatory disclosure readiness.
Source: SecurityWeek →
2023
Nov 2023 · Title & escrow · Nationwide
Fidelity National Financial
A suspected ransomware attack (linked to the AlphV/BlackCat group) disrupted the title insurance giant's operations for several days, briefly affecting real estate closings while systems were taken offline.
What reduces this risk: hardened title/escrow systems, third-party vendor security reviews, and tested business-continuity and closing-day contingency plans.
Source: Cybersecurity Dive →
Oct 2023 · Mortgage servicer · Nationwide
Mr. Cooper (Nationstar Mortgage)
An intrusion between Oct. 30 and Nov. 1, 2023 exposed the personal information of about 14.7 million current and former customers — names, addresses, Social Security numbers, dates of birth, and bank account numbers — and forced payment systems offline. The company estimated related expenses around $25 million.
What reduces this risk: continuous security monitoring, encryption of sensitive records, least-privilege access, and a formal, tested cybersecurity program.
Source: BleepingComputer →
2021
Dec 2021 · Bank / mortgage lender · Nationwide
Flagstar Bank
Attackers accessed Flagstar's corporate network in December 2021 and obtained files containing the names and Social Security numbers of about 1.55 million customers — the bank's second major breach in roughly a year, following the 2021 Accellion file-transfer incident. Flagstar later agreed to a $31.5 million settlement covering its 2021 breaches.
What reduces this risk: retiring vulnerable file-transfer tools, network segmentation, faster breach detection and notification, and identity protection for affected customers.
Source: Cybersecurity Dive →
2019
May 2019 · Title & settlement · Nationwide
First American Financial
A design flaw in the company's EaglePro document-sharing application (an insecure direct object reference) left roughly 885 million document images publicly accessible by simply changing a number in a URL — exposing Social Security numbers, financial data, and driver's licenses dating back to 2003. The SEC settled disclosure-controls charges for $487,616, and New York regulators reached a separate $1 million settlement.
What reduces this risk: application security testing, a secure development lifecycle, proper access controls, and a vulnerability-management process that acts on findings quickly.
Source: U.S. SEC →
Mar 2019 · Mortgage banker · Multi-state
Residential Mortgage Services
A 2019 phishing incident compromised an employee email account that held sensitive data of mortgage loan applicants. New York regulators found the company failed to investigate or report the breach in a timely manner, and RMS agreed to a $1.5 million penalty under New York's cybersecurity regulation.
What reduces this risk: multi-factor authentication on email, phishing training, prompt breach investigation, and meeting regulatory notification deadlines.
Source: NY Dept. of Financial Services →
Summaries are based on public reports from the linked sources and reflect information available at the time of writing. This page is provided for general educational purposes and is not legal advice or a statement about any company's current security posture.