The American Lending Center (ALC), a California-based non-bank lender, has disclosed a significant data breach that has exposed sensitive information of over 123,000 individuals. This breach, initially identified in July 2025, involved unauthorized access resulting from a ransomware attack.
Details of the Breach
ALC, renowned for managing a substantial $3 billion portfolio focused on government-backed small business loans, has begun notifying affected parties. The compromised information includes personal identifiers such as names, dates of birth, and Social Security numbers. The breach was part of a larger cybersecurity incident where malicious actors infiltrated ALC’s internal systems.
Investigation and Findings
The forensic investigation concluded on April 8, yet no misuse of the compromised data has been confirmed. Despite this reassurance, companies often state there is no evidence of misuse as a precautionary measure. The absence of any known ransomware group claiming responsibility suggests either a ransom may have been secretly paid, or the attack was conducted by a gang that lacks a public leak platform.
Implications and Company Response
While the exact ramifications are still unfolding, the breach highlights vulnerabilities in cybersecurity practices even within well-established institutions like ALC. SecurityWeek has sought further comments from ALC regarding the situation, with updates pending upon receipt of additional information.
This incident follows a series of similar breaches affecting other organizations, including OpenLoop Health and BWH Hotels, underscoring the persistent threat of cybercrime in the digital age.
As businesses continue to face such challenges, the emphasis on robust cybersecurity measures remains crucial to protect sensitive information from malicious actors.
