Plaza Home Mortgage discloses data breach affecting customers and employees

Plaza Home Mortgage, a wholesale and correspondent mortgage lender, has disclosed a data breach that may have exposed the personal information of customers and employees.

The company said the incident occurred on or around Feb. 17, 2026, when threat actors gained unauthorized access to an employee’s computer and illegally accessed its information systems. Plaza said its security controls detected the activity immediately, allowing the company to take action to shut down the attack.

However, the company said customer information may have been compromised, including names, addresses, Social Security numbers, dates of birth, driver’s license numbers or other government identification details, and information related to mortgage applications and servicing.

For Plaza employees, the potentially exposed information also includes usernames and passwords for company accounts. The company has not publicly disclosed the exact number of affected individuals or the states involved.

California-based Plaza Home Mortgage ranked as the 39th-largest mortgage lender in the U.S. during the first quarter of 2026, according to Inside Mortgage Finance. The company originated about $2 billion in loans during the period, a 32% increase from the previous year.

Following the incident, Plaza said it launched an investigation and removed the threat actor from its systems. The company also said it implemented additional organizational, technical, and administrative security measures to prevent a similar incident from happening again.

Plaza notified affected customers and employees on May 29. The company said it will provide free access to credit monitoring, identity monitoring, and identity restoration services to impacted individuals.

“We are very sorry for any concerns that this incident has caused our customers and employees. We will continue to monitor our security systems to safeguard our customers’ and employees’ information and privacy,” said Kevin Parra, co-founder, chairman, and CEO of Plaza Home Mortgage.

The disclosure adds Plaza to a growing list of mortgage companies affected by cyberattacks and data compromises. In March 2026, US Mortgage Corp. faced a class-action lawsuit following a May 2025 breach that allegedly exposed sensitive information on the dark web. In July 2025, New American Funding also reported a data breach involving a vendor that may have compromised customer data.