16.6 Million People's Data Stolen from a US Mortgage Company

What Happened?

In January 2026, a major American mortgage company called LoanDepot was hacked .

The hackers stole the sensitive personal information of 16.6 million customers .

To put that number in perspective: That is roughly one out of every 20 American adults who have a mortgage.

What Was Stolen?

The full list has not been released, but based on similar breaches, the stolen data likely includes :

• Full names
• Home addresses
• Social Security numbers (the American equivalent of a National Identification Number)
• Bank account details
• Mortgage payment histories

Why This Is Terrifying

Dr. Darren Williams, a cybersecurity expert, explained it this way :

"There's been a recent uptick in cybercriminals' interest in the loan and mortgage industry. Cybercriminals are discovering holes and a lack of investment in security in this industry, and many are stepping in to take advantage."

And here is the worst part: Weeks after the attack, customers were still unable to make payments or access their online accounts .

Imagine not being able to pay your mortgage because the company you owe money to was hacked. The stress. The late fees. The damage to your credit score.

The Second American Attack: Kaaj Technologies

That same month, another company—Kaaj Technologies, which provides AI credit analysis for small business lenders—also got hacked .

Kaaj began notifying affected individuals on March 26, 2026, about a cybersecurity incident that happened on January 13, 2026 .

A law firm investigating the breach warned :

"If you interacted with Kaaj, your information was probably taken by cybercriminals. That's serious. They can take out credit cards in your name, get your tax return, take your identity and ruin your credit."

The Simple Truth

You might be thinking: "I do not live in America. This does not affect me."

But here is the reality: Loan apps and financial technology companies ALL OVER THE WORLD collect your personal data. If a billion-dollar American company cannot protect 16.6 million customers, what chance does a small loan app in your country have?

Your data is not safe anywhere. Assume every loan app will eventually be hacked.

Step-by-Step Solutions (What YOU Can Do)

Step 1: Assume a breach will happen. Before you give ANY loan app your personal information, ask yourself: "Am I comfortable with this data ending up in the hands of criminals?" Because there is a real chance it will.

Step 2: Use a separate email address for loan apps. Do not use the same email you use for your bank, your job, or your family. Create a free email account specifically for financial apps. If that email gets hacked, your main accounts remain safe.

Step 3: Never share your National ID number unless ABSOLUTELY necessary. Many loan apps ask for your NIN, Social Security number, or equivalent ID. Ask them: "Why do you need this? Can you verify my identity another way?" If they insist, consider walking away.

Step 4: Monitor your bank accounts WEEKLY. Do not wait for a monthly statement. Check your transactions every week. If you see something you do not recognize, report it immediately.

Step 5: If you receive a breach notification letter, take it seriously. Do not throw it away. Do not ignore it. The company is required by law to tell you if your data was stolen. Follow their instructions for credit monitoring or identity protection services.