NJ Lenders Corp, a mortgage banker licensed across 22 U.S. states, suffered a cybersecurity breach on August 18, 2025, where an unauthorized actor accessed its internal systems and exfiltrated sensitive personal and financial data. The compromised information includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, employment records, taxpayer details, and financial account information—affecting customers and applicants across multiple states. The breach was investigated by external cybersecurity experts, with notifications to affected individuals and state Attorney Generals (Maine, Massachusetts, Vermont) issued in October 2025.The incident exposes victims to identity theft, financial fraud, and phishing risks, prompting NJ Lenders Corp to offer free IDX identity theft protection services (credit monitoring, $1M insurance, recovery assistance) until January 10, 2026. While the exact number of impacted individuals remains undisclosed, the breach’s scope suggests severe reputational and financial consequences for the company, alongside regulatory scrutiny. The attack’s focus on highly sensitive customer data—without ransomware involvement—underscores its critical impact on trust and operational integrity.
Source: https://www.claimdepot.com/data-breach/nj-lenders-2025
TPRM report: https://www.rankiteo.com/company/mortgage-access-corporation
"id": "mor3533035102225",
"linkid": "mortgage-access-corporation",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Undisclosed (includes customers '
'and applicants from multiple '
'states)',
'industry': 'Financial Services',
'location': 'Licensed in 22 U.S. states (exact HQ '
'location unspecified)',
'name': 'NJ Lenders Corp',
'type': 'Mortgage Banker'}],
'customer_advisories': 'Mail notifications sent to affected individuals '
'(starting 2025-10-10) with guidance on identity '
'protection measures',
'data_breach': {'data_exfiltration': "Likely (unauthorized actor 'may have "
"acquired' data)",
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of birth',
'Social Security '
'numbers',
"Driver's license "
'numbers',
'Employment '
'information',
'Taxpayer '
'information'],
'sensitivity_of_data': 'High (includes SSNs, financial '
'accounts, taxpayer info)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information']},
'date_detected': '2025-08-18',
'date_publicly_disclosed': '2025-10-10',
'date_resolved': '2025-09-12',
'description': 'NJ Lenders Corp, a mortgage banker licensed in 22 states, '
'experienced a cybersecurity incident where an unauthorized '
'actor accessed internal systems and may have acquired '
'sensitive personal information. The breach exposed data such '
'as names, addresses, Social Security numbers, financial '
'account information, and more. The company engaged external '
'cybersecurity experts, notified law enforcement, and offered '
'complimentary identity theft protection services to affected '
'individuals.',
'impact': {'brand_reputation_impact': 'Potential risk due to exposure of '
'sensitive personal and financial data',
'data_compromised': ['Names',
'Addresses',
'Dates of birth',
'Social Security numbers',
"Driver's license numbers",
'Employment information',
'Taxpayer information',
'Financial account information'],
'identity_theft_risk': 'High (due to exposure of PII and financial '
'data)',
'legal_liabilities': 'Disclosed to Maine, Massachusetts, and '
"Vermont Attorney Generals' offices",
'payment_information_risk': 'High (financial account information '
'exposed)',
'systems_affected': ['Internal systems']},
'investigation_status': 'Completed (as of 2025-09-12)',
'recommendations': ['Sign up for free IDX identity theft protection services',
'Monitor credit reports and financial accounts for '
'unusual activity',
'Be alert for phishing attempts using exposed information',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus'],
'references': [{'source': 'NJ Lenders Corp Official Website'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
'General',
'Massachusetts '
'Attorney General',
'Vermont Attorney '
'General']},
'response': {'communication_strategy': 'Notification via mail to affected '
'individuals (starting 2025-10-10); '
'disclosure to state Attorney Generals '
'(starting 2025-10-20)',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': 'Offered complimentary IDX identity theft '
'protection services (credit monitoring, '
'$1M insurance, recovery services) to '
'affected individuals until 2026-01-10',
'third_party_assistance': 'External cybersecurity experts '
'engaged'},
'threat_actor': 'Unauthorized actor',
'title': 'NJ Lenders Corp Data Breach (2025)',
'type': 'Data Breach'}