The American Lending Center (ALC) notified consumers of a data breach on Apr. 28, 2026 — however, the breach itself had been discovered July 27, 2025. 

According to the notice letter sent by the organization, this data breach involved ransomware. 

“Through a forensic investigation into this breach, it was discovered that the threat actor compromised internal network, executed a ransomware attack, and accessed certain files that may have contained personal identifying or sensitive information,” the letter reads. 

At this time, the company states it has seen no evidence of information misuse. 

“Targeting organizations in the Banking and Finance industry makes sense for threat actors as their core business revolves around collecting and storing personal information of their customers at scale,” says Grayson North, Principal Threat Intelligence Consultant at GuidePoint Security. “We have also seen threat actors consistently target companies in the cryptocurrency space. Many actors, especially advanced persistent threat groups aligned with North Korea, love to target firms with significant cryptocurrency holdings. Direct crypto theft is a much simpler monetization strategy than ransomware.”

Reports suggest more than 123,000 individuals have been affected.