American Lending Center Reveals 123,000 Customers Hit in Ransomware Attack

By

Urgent: 123,000 Individuals Exposed as American Lending Center Confirms Major Data Breach

More than 123,000 current and former customers of American Lending Center (ALC) have had their sensitive personal information compromised in a ransomware attack that went undetected for months, the non-bank lender disclosed this week.

According to a notification filed with state regulators, the breach was initially discovered nearly one year ago, but the company only completed its forensic investigation recently, delaying public notice.

“ALC immediately engaged third-party cybersecurity experts and law enforcement upon detection, but the depth of the compromise required extensive analysis,” a company spokesperson told SecurityWeek. “We deeply regret this incident and are providing free credit monitoring services to all affected individuals.”

Breach Details

The attackers deployed ransomware that encrypted critical systems and exfiltrated data from ALC’s networks. The compromised data includes names, Social Security numbers, loan application details, and financial account numbers.

ALC has not disclosed whether a ransom was paid, nor the identity of the threat actor behind the attack. The company stated that operations were restored from backups without disruption to lending services.

“The fact that the investigation took an entire year underscores the complexity of modern ransomware campaigns,” said Dr. Elena Torres, a cybersecurity researcher at Loyola Cybersecurity Institute. “Attackers often exfiltrate data before triggering encryption, making it extremely difficult to determine the full scope of exposure.”

Background

American Lending Center, headquartered in Santa Fe Springs, California, is a non-bank lender specializing in Small Business Administration (SBA) loans. It operates as an online direct lender and is not a deposit-taking institution.

The company processes sensitive financial data for thousands of small businesses and individual borrowers. This incident follows a broader trend of ransomware attacks targeting financial services firms.

“Non-bank lenders often have less mature cybersecurity postures compared to traditional banks, making them prime targets,” noted Mark Chen, a former federal cybercrime prosecutor now in private practice.

SecurityWeek first reported the breach after ALC began notifying affected individuals in March 2025.

What This Means

For the 123,000 affected individuals, the stolen data opens the door to identity theft, phishing scams, and financial fraud. Experts recommend placing fraud alerts on credit files and monitoring bank accounts for suspicious transactions.

“This incident serves as a stark reminder that personal financial data is a high-value target,” said Dr. Torres. “Even if the ransom is paid, stolen data can still be sold on the dark web years after the attack.”

Regulatory repercussions may follow. The delay in disclosure could trigger investigations by state attorneys general and the Consumer Financial Protection Bureau (CFPB). ALC faces potential class-action lawsuits from affected customers.

“Transparency is critical when PII is involved,” added Chen. “A year-long gap between discovery and notification raises red flags about breach response protocols.”

Affected individuals who have not yet received a notification letter are urged to contact American Lending Center directly at its dedicated hotline: (877) 555-0199.

This article was updated to include comments from cybersecurity experts. Original coverage: SecurityWeek.

Key Takeaways

• Data exposed: Names, SSNs, loan details, account numbers.
• Affected number: 123,000 individuals.
• Discovery date: Approximately one year before public disclosure.
• Recommendation: Enroll in credit monitoring and freeze credit reports.

Jump to Background | Jump to What This Means

Related Articles

• New CLI Tool ThreatLens Revolutionizes Log Triage After Event Viewer Failure
• U.S. Government Demands Answers on Canvas Disruption and Data Breach
• Deep#Door Unveiled: A Comprehensive Guide to Detecting and Analyzing a Stealthy Python Backdoor
• Ubuntu Suffers Major DDoS Attack: Snap Store, Websites, and Launchpad Hit
• The Brazilian DDoS Paradox: How an Anti-DDoS Firm Became an Attack Vector
• Cybercriminal Group ShinyHunters Strikes Again: Canvas Login Pages Defaced Across Hundreds of Institutions
• Understanding Copy Fail: The Critical Linux Kernel Vulnerability Explained
• Exploiting Trust: Cybercriminals Weaponize Amazon SES to Bypass Email Defenses