A former US Mortgage employee is suing the lender for failing to protect his personal data in a hack last year, which the company has said it took swift action to address.

Richard Bernich sued the Long Island-based company in federal court for negligence, the latest data breach suit against a mortgage player following a cybersecurity incident. The lender notified impacted consumers this month that it suffered a ransomware event last May, which compromised personally identifiable information including Social Security numbers, financial information and limited medical data. Employees were also affected.

The full scope of the incident was not disclosed. The Melville, New York-based company lists 27 branches coast-to-coast in Nationwide Multistate Licensing System records. It recorded $510 million in origination volume in 2024, according to the latest Home Mortgage Disclosure Act data available from the Federal Financial Institutions Examination Council.

The plaintiff's lawsuit filed Monday was similar to the dozens of post-breach lawsuits filed by mortgage customers, accusing lenders of exposing victims' PII to fraudulent activity. Bernich also suggested US Mortgage failed to use adequate and legally compliant data security measures. 

In a statement to National Mortgage News Tuesday, the company defended its technology practices. 

"Cybersecurity breaches are an unfortunate reality impacting many companies across the mortgage industry, and we empathize with those who have been affected by these serious and disruptive events," said Michael Verambeck, chief technology officer at US Mortgage. 

The company also describes the events surrounding the incident on its website, and in publicly disclosed letters with affected New Hampshire residents. 

Two attorneys for Bernich did not respond to requests for comment Tuesday. 

What happened at US Mortgage?

The lender detected the breach May 13, 2025 when it noticed unauthorized activity in its network, according to a letter signed by the company president. It notified outside counsel and law enforcement and retained cybersecurity experts, who began remediation work.

Those efforts included restoring files from backups and resetting passwords, rebuilding affected systems in a clean environment, and adopting additional technical safeguards, US Mortgage explained. The hack lasted two days. 

"Those enhancements built on our existing security infrastructure, which included measures such as firewalls, multifactor authentication, and secure backups," the letter read.

While Bernich's lawsuit criticizes the delay from breach to notification, the lender explained it needed time to review affected data and match it with missing contact information. 

Lenders continue to get targeted

Cybercriminals continue to pester the industry as lenders and vendors have quietly disclosed more incidents in recent months. 

Three additional nonbanks acknowledged in the past three months that they suffered hacks, according to state attorneys general databases. The range of those attacks may be minimal, with each company disclosing just a few dozen victims in select states, although the full scope of those breaches remains unknown. 

Other disclosures have also hinted at the extent of prior incidents, including vendor SitusAMC revealing at least 36,364 customers impacted in Texas alone for a November breach, according to a notice. 

New American Funding also revealed recently that at least 2,500 of its clients across Massachusetts and Texas were affected by the massive hack at Figure Lending. The fintech, which said through a spokesperson that acted quickly to address the breach, offers home equity and non-qualified mortgage products through the large lender. A spokesperson for NAF didn't return a request for comment regarding the breach or the companies' relationship.