The incident in December compromised the personal identifiable information of 27,746 customers, the mortgage company said in a disclosure to the Indiana Attorney General's office. An unidentified hacker gained access to the company's network on Dec. 5 and obtained sensitive data on Dec. 19, in what Sage suggested was ransomware attack. 

Two affected consumers accused the lender of negligence in separate lawsuits in February and March. The lawsuits are similar to complaints which have followed cybersecurity incidents at other lenders, but unlike other cases one could be rapidly approaching a resolution. 

Attorneys for both Sage and a former home loan customer in a South Carolina federal court case filed a joint notice earlier this month suggesting the sides were in settlement talks. 

"This motion is made for good cause, as the parties have been actively engaged (in) complex settlement negotiations with the possibility of early resolution for the putative class," wrote attorneys for both parties. 

Sage, formerly known as Lenox Financial Mortgage Corp. was granted a June 3 deadline for an update. The company didn't respond to requests for comment Monday, while attorneys didn't immediately respond to inquiries Tuesday morning. 

The lender, based in Fort Mill, South Carolina outside of Charlotte, has 49 mortgage loan originators across 8 branches nationwide, according to consumer Nationwide Multistate Licensing System records. Data from S&P Global show Sage originated $145 million in mortgage loan volume last year.

The firm's public data breach notices to state attorneys general offices reveal few details about the attack. It locked down its network and reset account passwords once the breach was discovered. 

Sage also offered identity theft protection services for 12 to 24 months, which included a $1 million insurance reimbursement policy. The deadline to enroll expired May 2. 

The South Carolina lawsuit, filed by Massachusetts resident Patricia Burnelle, seeks damages in excess of $5 million. Demands include for Sage to delete prospective class members' PII, if the company can't provide reasonable justification to keep it, and for the lender to maintain enhanced cybersecurity controls. 

Sage has yet to respond to the second complaint in a California federal court. 

A quick resolution would be uncommon among mortgage companies who've been hit with a plethora of data breach complaints in the past few years. Many cases stemming from data breaches at prominent industry firms in the past two years remain unresolved, and any settlements are largely undisclosed.