Jun 2026 · Mortgage lender · Southern California
Optimum First Mortgage — Southern California (Mortgage Lender)
- Incident: Ransomware group “PEAR” claimed a June 19, 2026 attack and theft of ~9.3 TB of data (mortgage applications, income, employment history, tax records, SSNs, bank details).
- Company stance: Disputed the volume; internal review found no evidence core loan-origination systems were infiltrated.
- Aftermath: Proposed consumer class action alleging negligence and lack of encryption; law-firm investigations launched (e.g., Edelson Lechtzin LLP).
- Cost: Not publicly disclosed (litigation ongoing).
- Source: Claim Depot → · Morningstar / PR Newswire →
Feb 2026 · Wholesale / correspondent lender · Costa Mesa, CA
Plaza Home Mortgage — Costa Mesa, CA (Wholesale / Correspondent Lender)
- Incident: Ransomware group “SilentRansomGroup” claimed a Feb 27, 2026 breach; initial reports cited ~54 users / 10 employees affected, later estimates put scope near 138,000.
- Company stance: Disputed the higher figure; said security controls detected the access and it shut down the attack immediately.
- Aftermath: Formal victim notification delayed until May 29, 2026 (via Simpluris); now facing class action lawsuits.
- Cost: Not publicly disclosed (litigation ongoing).
- Source: HousingWire →
2026 · Unconfirmed claim · Nationwide
Finance of America — Nationwide (Mortgage Lender / Servicer)
- Incident: A ransomware gang claimed a hack; the company has not disclosed any incident itself.
- Company stance: No disclosure made.
- Aftermath: A consumer filed an early class action based solely on the gang’s claim.
- Cost: Not publicly disclosed.
- Source: National Mortgage News →
Fall 2025 · Vendor breach · Industry vendor
SitusAMC — (Industry Vendor, not a direct lender)
- Incident: Cyberattack in the fall of 2025; scope of impact on consumers, partner banks, and lenders undisclosed.
- Cost: Not publicly disclosed.
- Source: National Mortgage News →
Aug 2025 · Mortgage lender · New Jersey (22 states)
NJ Lenders Corp. — New Jersey (22 states)
- Incident: Unauthorized network access Aug 18, 2025; confirmed exposure Sept 12, 2025 — names, SSNs, driver’s license numbers, DOB, financial account info.
- Aftermath: Regulatory filings with Maine, Massachusetts, and Vermont AGs.
- Risk-reduction: MFA, network segmentation, continuous monitoring, encryption of retained records.
- Cost: Not publicly disclosed.
- Source: Claim Depot (state AG filings) →
Jul 2025 · Third-party vendor · Mortgage lender
New American Funding — (Mortgage Lender)
- Incident: July 2025 breach involving a third-party vendor, potentially compromising customer data.
- Aftermath: Reported to the California Attorney General.
- Cost: Not publicly disclosed.
- Source: HousingWire →
Jul 2025 · Non-bank lender · Irvine, CA
American Lending Center — Irvine, CA (Non-bank Lender)
- Incident: Ransomware attack exposing PII for ~123,158 people (names, DOB, SSNs).
- Aftermath: Detected July 2025; investigation completed April 2026, delaying notifications.
- Risk-reduction: MFA, segmentation, offline backups, faster detection / notification.
- Cost: Not publicly disclosed.
- Source: California Attorney General →
Jun 2025 · Mortgage lender · Virginia
McLean Mortgage Corporation — Virginia (Mortgage Lender)
- Incident: Breach exposed personal and financial info for ~30,453 individuals (SSNs, account numbers).
- Aftermath: Regulatory filings with Maine, Massachusetts, New Hampshire, and Vermont AGs.
- Risk-reduction: MFA, encryption of loan files, phishing-resistant controls, prompt detection.
- Cost: Not publicly disclosed.
- Source: Claim Depot (state AG filings) →
Breach May 2025 · disclosed Mar 2026 · Melville, NY (49 states)
US Mortgage Corporation — Melville, NY (Mortgage Lender, 49 states)
- Incident: Unauthorized network access May 13–14, 2025; exposed names, DOB, contact info, SSNs, financial / mortgage account info, and limited medical / insurance info.
- Company stance: Not publicly disputed; engaged third-party cybersecurity experts upon detection.
- Aftermath: Notice mailed March 5, 2026 — over 260 days after detection; class action filed March 23, 2026 (E.D.N.Y.) alleging unencrypted SSNs.
- Cost: Not publicly disclosed (litigation ongoing).
- Source: MPA →
Mar 2025 · Mortgage lender · California
Intelliloan, Inc. — California (Mortgage Lender)
- Incident: RansomHub claimed an attack exposing names, addresses, SSNs, driver’s license / ID numbers, financial account numbers, and DOB.
- Aftermath: Regulatory filings with California, Texas, and Massachusetts AGs.
- Risk-reduction: Offline backups, EDR, least-privilege access, rapid containment.
- Cost: Not publicly disclosed.
- Source: Cybernews →
Jan 2024 · Mortgage lender · Nationwide
LoanDepot — Nationwide (Mortgage Lender)
- Incident: ALPHV/BlackCat ransomware attack; ~16.9M customers affected (names, DOB, SSNs); major operational disruption.
- Risk-reduction: EDR, network hardening, offline backups, IR-plan readiness.
- Cost: ~$27 million in reported incident-related expenses.
- Source: SecurityWeek →
Nov 2023 · Title & escrow · Nationwide
Fidelity National Financial — Nationwide (Title & Escrow)
- Incident: Suspected ALPHV/BlackCat ransomware attack.
- Aftermath: Multi-day operational disruption; closings delayed.
- Risk-reduction: Hardened escrow systems, vendor security reviews, tested continuity plans.
- Cost: Not publicly disclosed (operational / reputational losses from closing delays not quantified).
- Source: Cybersecurity Dive →
Oct–Nov 2023 · Mortgage servicer · Nationwide
Mr. Cooper (Nationstar Mortgage) — Nationwide (Mortgage Servicer)
- Incident: Intrusion Oct 30–Nov 1, 2023; forced payment systems offline; ~14.7M customers affected (names, addresses, SSNs, DOB, bank account numbers).
- Aftermath: A Texas federal court later ruled affected borrowers had standing to sue.
- Risk-reduction: Continuous monitoring, encryption, least-privilege access, formal cybersecurity program.
- Cost: ~$25 million estimated response cost.
- Source: BleepingComputer →
Breach Aug 2023 · disclosed Jan 2024 · settled 2026 · New York
Premium Mortgage Corporation — New York (Residential Mortgage Lender)
- Incident: Targeted cyberattack between Aug 24–31, 2023, disclosed Jan 10, 2024; ~10,835 customers affected (names, SSNs, payment card and financial account info).
- Aftermath: Class action settlement received preliminary court approval Jan 23, 2026; final approval hearing held May 14, 2026.
- Cost: Settlement offers up to $5,000 per claimant for documented extraordinary losses, $25/hour for up to 4 hours of lost time, or a flat $50 alternative payment; total fund value not disclosed.
- Source: ClassAction.org →
Dec 2021 · Bank / mortgage lender · Nationwide
Flagstar Bank — Nationwide (Bank / Mortgage Lender)
- Incident: Attackers accessed the corporate network — second major breach in a year; ~1.55M customers affected (names, SSNs).
- Risk-reduction: Retiring vulnerable file-transfer tools, segmentation, faster detection, identity protection.
- Cost: $31.5 million settlement covering both 2021 breaches.
- Source: Cybersecurity Dive →
Breach 2021 · multistate settlement
Bayview Asset Management (+ 3 affiliates)
- Incident: 2021 data breach; handling later scrutinized by multiple states.
- Aftermath: Settled multistate allegations that its breach response failed to meet certain standards.
- Cost: Settlement amount not disclosed in available reporting.
- Source: National Mortgage News →
May 2019 · Title & settlement · Nationwide
First American Financial — Nationwide (Title & Settlement)
- Incident: EaglePro application flaw (IDOR) exposed ~885M document images (SSNs, financial data, driver’s licenses, 2003–2019).
- Risk-reduction: Secure SDLC, access controls, vulnerability management.
- Cost: SEC penalty $487,616; NYDFS penalty $1 million (total regulatory fines ~$1.49M; broader remediation costs not disclosed).
- Source: U.S. SEC →
Mar 2019 · Mortgage banker · Multi-state
Residential Mortgage Services — Multi-state (Mortgage Banker)
- Incident: Phishing compromised an employee email account containing applicant data.
- Risk-reduction: MFA on email, phishing training, prompt investigation, regulatory compliance.
- Cost: NYDFS fine of $1.5 million.
- Source: NY Dept. of Financial Services →
Date undisclosed · post-merger · Mortgage lender
Pacific Residential Mortgage — (Mortgage Lender)
- Incident: Ransomware attack discovered just weeks after completing a merger with an Ohio-based lender.
- Cost: Not publicly disclosed.
- Source: National Mortgage News →