American Lending Center this week revealed that a data breach discovered last year has impacted more than 123,000 individuals.
American Lending Center (ALC) is a California-based non-bank lender that manages a $3 billion portfolio specializing in government-guaranteed small business loans.
The organization is notifying individuals affected by the data breach that information such as names, dates of birth, and SSNs may have been stolen in a ransomware attack detected in July 2025.
“Through a forensic investigation into this breach, it was discovered that the threat actor compromised internal network, executed a ransomware attack, and accessed certain files that may have contained personal identifying or sensitive information,” ALC said in its notification to impacted customers, a copy of which was submitted to the Maine attorney general’s office.
The investigation was completed on April 8, and ALC has found no evidence that the potentially compromised information has been misused.
Companies often include a statement in their data breach notifications that there is no evidence of misuse, even when information has been made public by cybercriminals.
In the case of ALC, no known ransomware group appears to have taken credit for the attack, which could indicate either that a ransom has been paid or that the financial institution has been targeted by a cybercrime gang that does not have a public leak website.
SecurityWeek has reached out to ALC for clarification and will update this article if it responds.
Related: Foxconn Confirms North American Factories Hit by Cyberattack
Related: 716,000 Impacted by OpenLoop Health Data Breach
Related: BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months
Related: Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
