The Everest ransomware group has allegedly published the full data of New American Funding, a major U.S. mortgage lender. The data was reportedly released today, following a compromise that is said to have occurred on May 23, 2025. The publication of the data comes after the ransomware group’s deadline for negotiations apparently passed, with the group issuing a final warning: “Our group gives you the last chance to continue negotiations or the data will be published before time runs out.”
New American Funding is a significant player in the United States mortgage industry, providing a wide range of home loan services to customers across the nation. The company’s importance in the financial sector makes this alleged data leak a serious concern, potentially impacting a large number of borrowers. The origin of the attack is attributed to the Everest ransomware group, a known cybercriminal organization with a history of targeting prominent entities. Recent reports indicate that a ransomware attack by the Everest group was linked to a security incident at one of New American Funding’s third-party vendors, Mobile Notary Zone, which was first disclosed in June 2025.
The full extent of the published data is not yet publicly detailed, but based on initial breach notifications stemming from the third-party vendor incident, the compromised information could be extensive. The types of data allegedly stolen and now potentially released to the public include:
- Full names
- Addresses
- Social Security numbers
- Dates of birth
- Government-issued IDs
- Financial account information
- Medical information
This incident highlights the growing threat of ransomware attacks and the cascading effect of supply chain vulnerabilities, where a breach at a single vendor can have significant consequences for larger organizations and their customers.
