American Lending Center Data Breach Impacts 123,000 Individuals
California-based lender American Lending Center has confirmed that a ransomware attack detected in July 2025 resulted in the theft of sensitive personal data belonging to 123,000 individuals.

American Lending Center (ALC), a California-based non-bank lender managing a $3 billion portfolio of government-guaranteed small business loans, has disclosed a significant data breach impacting over 123,000 individuals. The incident, which involved a ransomware attack, was first detected by the organization in July 2025 SecurityWeek.
According to the company's notification submitted to the Maine attorney general’s office, the breach occurred after a threat actor successfully compromised ALC’s internal network. Once inside, the attackers executed a ransomware attack and gained unauthorized access to files containing sensitive personal information. The compromised data includes names, dates of birth, and Social Security numbers SecurityWeek.
ALC conducted a forensic investigation into the incident, which was not finalized until April 8, 2026. Despite the length of time between the initial detection and the conclusion of the investigation, the company claims it has found no evidence that the stolen information has been misused to date SecurityWeek.
The identity of the threat actor responsible for the intrusion remains unknown. No ransomware group has publicly claimed responsibility for the attack, a situation that often suggests either that a ransom payment was made to the attackers or that the perpetrators operate without a public data leak site to extort their victims SecurityWeek.
This incident highlights the persistent risks faced by financial institutions, even those specializing in niche lending markets. While ALC has begun notifying affected individuals, the delay between the July 2025 detection and the April 2026 conclusion of the investigation underscores the complexities involved in forensic incident response and the challenges organizations face in securing sensitive PII against sophisticated ransomware operations SecurityWeek.