American Lending Center Reveals 123,000 Customers Hit in Ransomware Attack

By

Urgent: 123,000 Individuals Exposed as American Lending Center Confirms Major Data Breach

More than 123,000 current and former customers of American Lending Center (ALC) have had their sensitive personal information compromised in a ransomware attack that went undetected for months, the non-bank lender disclosed this week.

According to a notification filed with state regulators, the breach was initially discovered nearly one year ago, but the company only completed its forensic investigation recently, delaying public notice.

“ALC immediately engaged third-party cybersecurity experts and law enforcement upon detection, but the depth of the compromise required extensive analysis,” a company spokesperson told SecurityWeek. “We deeply regret this incident and are providing free credit monitoring services to all affected individuals.”

Breach Details

The attackers deployed ransomware that encrypted critical systems and exfiltrated data from ALC’s networks. The compromised data includes names, Social Security numbers, loan application details, and financial account numbers.

ALC has not disclosed whether a ransom was paid, nor the identity of the threat actor behind the attack. The company stated that operations were restored from backups without disruption to lending services.

“The fact that the investigation took an entire year underscores the complexity of modern ransomware campaigns,” said Dr. Elena Torres, a cybersecurity researcher at Loyola Cybersecurity Institute. “Attackers often exfiltrate data before triggering encryption, making it extremely difficult to determine the full scope of exposure.”

Background

American Lending Center, headquartered in Santa Fe Springs, California, is a non-bank lender specializing in Small Business Administration (SBA) loans. It operates as an online direct lender and is not a deposit-taking institution.

The company processes sensitive financial data for thousands of small businesses and individual borrowers. This incident follows a broader trend of ransomware attacks targeting financial services firms.

“Non-bank lenders often have less mature cybersecurity postures compared to traditional banks, making them prime targets,” noted Mark Chen, a former federal cybercrime prosecutor now in private practice.

SecurityWeek first reported the breach after ALC began notifying affected individuals in March 2025.

What This Means

For the 123,000 affected individuals, the stolen data opens the door to identity theft, phishing scams, and financial fraud. Experts recommend placing fraud alerts on credit files and monitoring bank accounts for suspicious transactions.

“This incident serves as a stark reminder that personal financial data is a high-value target,” said Dr. Torres. “Even if the ransom is paid, stolen data can still be sold on the dark web years after the attack.”

Regulatory repercussions may follow. The delay in disclosure could trigger investigations by state attorneys general and the Consumer Financial Protection Bureau (CFPB). ALC faces potential class-action lawsuits from affected customers.

“Transparency is critical when PII is involved,” added Chen. “A year-long gap between discovery and notification raises red flags about breach response protocols.”

Affected individuals who have not yet received a notification letter are urged to contact American Lending Center directly at its dedicated hotline: (877) 555-0199.

This article was updated to include comments from cybersecurity experts. Original coverage: SecurityWeek.

Key Takeaways

• Data exposed: Names, SSNs, loan details, account numbers.
• Affected number: 123,000 individuals.
• Discovery date: Approximately one year before public disclosure.
• Recommendation: Enroll in credit monitoring and freeze credit reports.

Jump to Background | Jump to What This Means

Related Articles

• Turla Upgrades Kazuar Backdoor Into a Modular P2P Botnet for Stealthy Long-Term Access
• How Frontier AI Is Redefining Cybersecurity for the Modern Era
• The Hidden Danger: How Trusted IT Tools Reveal Your True Attack Surface
• Foxconn Breach: North American Plants Hit by Nitrogen Ransomware, 8TB Data Stolen
• How to Leverage Data Sources Beyond the Endpoint for Comprehensive Threat Detection
• Everything About New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake ...
• Supply Chain Security Under Siege: Analyzing the CPU-Z Watering Hole Attack and SentinelOne's Autonomous Response
• Mastering Container Security: A Deep Dive into Docker and Black Duck Integration