American Lending Center this week confirmed it notified 123,158 people of a July 2025 data breach that compromised names, Social Security numbers, dates of birth, and more.
The California-based small business lender cited a ransomware attack as the cause of the breach. No ransomware groups have publicly taken credit for the breach at time of writing.
“In July 2025, American Lending experienced a data incident involving ransomware. Through a forensic investigation into this breach, it was discovered that the threat actor compromised internal network, executed a ransomware attack, and accessed certain files that may have contained personal identifying or sensitive information,” says the company’s notice to breach victims.
We do not know how attackers breached American Lending Center’s network or if the company paid a ransom.
American Lending Center is offering breach victims free credit monitoring and $1 million in identity theft insurance through IDX.
Comparitech contacted American Lending Center for comment and will update this article if it replies.
Ransomware attacks on US finance
In 2025, Comparitech researchers recorded 67 confirmed ransomware attacks on US finance companies. Those companies in turn notified about 1.4 million people that their personal information had been compromised.
This attack on ALC was the third-largest breach on US finance company in 2025 by number of records affected. It was surpassed by:
- Wakefield & Associates notified 371,577 people of a January 2025 ransomware attack claimed by Akira
- Check City Partnership notified 322,687 people of a March 2025 data breach claimed by Clop
Like American Lending Center, many companies take several months to notify victims of a data breach. Some older but recently-confirmed breaches include:
- MemberSource Credit Union just notified 22,308 Texans of a June 2025 data breach claimed by SafePay
- Impac Mortgage Holdings notified 61,066 people of a February 2024 data breach for which Medusa demanded $500,000
- Georgia Heritage Federal Credit Union notified 43,077 people of a January 2025 data breach claimed by RansomHub
Ransomware attacks can both steal data and lock down computer systems. Once infected, the attacker then demands a ransom to delete stolen data and restore systems. Companies that refuse to pay can face extended downtime, permanent data loss, and putting customers at increased risk of fraud.
About American Lending Center
American Lending Center is a California-based lender focusing on small businesses. It manages $3.1 billion in assets and has financed 110 projects in all 50 US states, according to its website.
