01.10.2025
2 min
549
California mortgage lender Intelliloan notified customers of a large-scale data leak after a system hack in March 2025. Only seven months later, the company began sending out official warning letters.
According to official data, the attackers gained access to a huge array of sensitive information: names, dates of birth, addresses, social security numbers, driver’s licenses, state IDs, as well as financial data – accounts, credit and debit cards. Additionally, the systems could have stored protected medical data of applicants. This creates high risks of fraud, identity theft and targeted social engineering attacks. The company offers victims free credit history monitoring and identity restoration through the CyberScout (TransUnion) service.
Intelliloan has been operating since 1993 and has financed tens of thousands of loans in several US states. Although the company is smaller than national banks, in 2019 it was named one of the top 10 mortgage institutions according to Lending Tree. The leak has already attracted the attention of lawyers and has become the basis for class action lawsuits. The breach was recorded on March 29, 2025, but was officially notified to regulators only in May. The company says it is strengthening security systems and conducting staff training.
The Intelliloan incident was yet another confirmation that even average players in the financial market are targets for hackers. The delay in informing customers has deepened the risks, and the volume of stolen data poses serious threats to tens of thousands of people. Experts emphasize that lenders need to implement multi-layered protection mechanisms and respond quickly to incidents to minimize damage.
