Plaza Home Mortgage, a wholesale and correspondent mortgage lender, has disclosed a data breach due to a security incident that may have exposed customers’ and employees’ personal information. The exact number of people affected and the specific states involved have not yet been publicly disclosed.
The company said that on or around Feb. 17, 2026, there was unauthorized access to an employee’s computer when “threat actors” illegally accessed information systems without permission. “Our security controls immediately informed us about the access, and we took action immediately to shut down the attack,” the company stated.
But the company explained that customer information — such as names, addresses, Social Security numbers, birth dates, driver’s licenses or other government identification, as well as information related to mortgage applications and servicing — may have been compromised. For employees of Plaza, the exposed data also includes usernames and passwords for their accounts.
California-based Plaza Home Mortgage was the 39th-largest mortgage lender in the country in the first three months of this year, per Inside Mortgage Finance. The company originated about $2 billion in the period, up 32% year over year.
The company said it launched an investigation, with immediate action to remove the threat actor from its systems. Plaza has also implemented “additional organizational, technical and administrative security measures to prevent the reoccurrence of this security incident and to protect the personal information of our employees and customers.”
The company notified impacted customers and employees of the incident on May 29. It said it will offer free access to credit and identity monitoring, as well as identity restoration services, to any affected individuals.
“We are very sorry for any concerns that this incident has caused our customers and employees. We will continue to monitor our security systems to safeguard our customers’ and employees’ information and privacy,” Kevin Parra, co-founder, chairman and CEO of Plaza Home Mortgage, said in a statement.
Plaza is the latest in a growing list of mortgage companies affected by cyberattacks and data compromises.
In March 2026, US Mortgage Corp. was hit with a class-action lawsuit following a May 2025 data breach that exposed sensitive information to the dark web.
Similarly, in July 2025, New American Funding reported a data breach to the California attorney general involving a vendor that potentially compromised customer data.
This article was written by Flávia Furlan Nunes and generated with the assistance of HousingWire Automation, then reviewed by a HousingWire editor before publication.
English (US) · 