American Lending Center Data Breach Affects 123,000 Individuals

American Lending Center Data Breach Affects 123,000 Individuals

Briefly

"Through a forensic investigation into this breach, it was discovered that the threat actor compromised internal network, executed a ransomware attack, and accessed certain files that may have contained personal identifying or sensitive information. The organization is notifying individuals affected by the data breach that information such as names, dates of birth, and SSNs may have been stolen in a ransomware attack detected in July 2025."

"The investigation was completed on April 8, and ALC has found no evidence that the potentially compromised information has been misused. Companies often include a statement in their data breach notifications that there is no evidence of misuse, even when information has been made public by cybercriminals. In the case of ALC, no known ransomware group appears to have taken credit for the attack."

"ALC is a California-based non-bank lender that manages a $3 billion portfolio specializing in government-guaranteed small business loans. American Lending Center this week revealed that a data breach discovered last year has impacted more than 123,000 individuals. ALC said it submitted a copy of its notification to the Maine attorney general's office."

"No known ransomware group appears to have taken credit for the attack, which could indicate either that a ransom has been paid or that the financial institution has been targeted by a cybercrime gang that does not have a public leak website. SecurityWeek has reached out to ALC for clarification and will update this article if it responds."