• Home
  • cyber
  • Evolve Mortgage Services: Evolve Mortgage Services Data Breach Lawsuit Investigation
cyber Ransomware

Evolve Mortgage Services: Evolve Mortgage Services Data Breach Lawsuit Investigation

Sep 17, 2025 2 min read
Evolve Mortgage Services: Evolve Mortgage Services Data Breach Lawsuit Investigation

Evolve Mortgage Services Hit by INC RANSOM Attack, Exposing Sensitive Financial Data

Evolve Mortgage Services, a Texas-based provider of outsourced mortgage solutions to financial institutions, confirmed a data breach after detecting suspicious activity in its systems on September 24, 2025. A third-party investigation revealed unauthorized access occurred between September 17 and 24, 2025, with the INC RANSOM ransomware group claiming responsibility.

The attackers alleged they exfiltrated 20 terabytes of data, including sensitive customer information such as Social Security numbers, client ID scans, addresses, phone numbers, and full credit histories dating back to 2016. The stolen data was posted on the dark web on October 30, 2025. While the breach involved names, Evolve has not publicly confirmed the full scope of exposed details.

Evolve reported the incident to the California Attorney General on February 4, 2026, though the total number of affected individuals remains undisclosed. The company is offering 12 months of complimentary credit monitoring and identity protection via Cyberscout (a TransUnion subsidiary) to impacted parties, with enrollment required within 90 days of notification.

The breach has prompted legal action, with Shamis & Gentile P.A., a class-action law firm, investigating potential compensation claims for those affected. Federal law entitles victims to free annual credit reports from major bureaus and options to place fraud alerts or credit freezes for added security.

Source: https://www.claimdepot.com/investigations/evolve-mortgage-services-data-breach-2026

Evolve Mortgage Services, LLC cybersecurity rating report: https://www.rankiteo.com/company/evolvemortgageservices

"id": "EVO1770325963",
"linkid": "evolvemortgageservices",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Mortgage Services',
                        'location': 'Texas, USA',
                        'name': 'Evolve Mortgage Services',
                        'type': 'Company'}],
 'customer_advisories': '12 months of complimentary credit monitoring and '
                        'identity protection via Cyberscout (TransUnion '
                        'subsidiary), enrollment required within 90 days of '
                        'notification. Federal law entitles victims to free '
                        'annual credit reports and options to place fraud '
                        'alerts or credit freezes.',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'client ID scans',
                                              'addresses',
                                              'phone numbers',
                                              'full credit histories']},
 'date_detected': '2025-09-24',
 'date_publicly_disclosed': '2026-02-04',
 'description': 'Evolve Mortgage Services, a Texas-based provider of '
                'outsourced mortgage solutions to financial institutions, '
                'confirmed a data breach after detecting suspicious activity '
                'in its systems on September 24, 2025. A third-party '
                'investigation revealed unauthorized access occurred between '
                'September 17 and 24, 2025, with the INC RANSOM ransomware '
                'group claiming responsibility. The attackers alleged they '
                'exfiltrated 20 terabytes of data, including sensitive '
                'customer information such as Social Security numbers, client '
                'ID scans, addresses, phone numbers, and full credit histories '
                'dating back to 2016. The stolen data was posted on the dark '
                'web on October 30, 2025.',
 'impact': {'data_compromised': '20 terabytes',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Class-action investigation'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'INC RANSOM'},
 'references': [{'source': 'California Attorney General'},
                {'date_accessed': '2025-10-30', 'source': 'Dark web posting'}],
 'regulatory_compliance': {'legal_actions': 'Class-action investigation by '
                                            'Shamis & Gentile P.A.',
                           'regulatory_notifications': 'Reported to California '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Public disclosure to California '
                                        'Attorney General, credit monitoring '
                                        'offer',
              'third_party_assistance': 'Yes'},
 'threat_actor': 'INC RANSOM',
 'title': 'Evolve Mortgage Services Hit by INC RANSOM Attack, Exposing '
          'Sensitive Financial Data',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.