A California direct lender is dealing with the effects of a new data breach, the latest in a number of purported cyberattacks on the mortgage industry perpetrated by ransomware groups.  

Huntington Beach, California-based Optimum First Mortgage initially learned of a data incursion around June 19, according to legal documents filed this week. Infiltrators had first gained access to the lender's data days earlier, threat intelligence platform Ransomware.live reported.

Cyber extortion group PEAR, or Pure Extraction and Ransom, claimed responsibility for the cyberattack on its dark web site, alleging the successful removal of 9.3 terabytes of sensitive data and threatening to leak the information if demands were not met. If true, the reported scope of volume would represent a "significant" incident, with compromised data likely including financial documents, personally identifiable information and email correspondence, according to global firm Femto Security. 

Officials from Optimum First disputed the accuracy of the reported number based on the company's current internal investigation. "We have found no evidence that our loan origination or application software systems were breached," a company representative said in a statement.  

"Our review remains ongoing, and we are continuing to assess the scope of any potentially affected information. We are also implementing additional security measures and safeguards designed to further strengthen our environment and reduce the risk of similar incidents in the future," the representative continued.

An estimated number of potentially affected individuals and other specific details surrounding the incident could not be provided. 

Founded in 2009, Optimum First currently counts 83 loan officers in its network, according to the Nationwide Multistate Licensing System. The company operates primarily as a nondelegated lender and is licensed to originate in 15 states, with retail branches located in California, Arizona and Idaho. 

Cyberattacks occurring with alarming frequency

The Optimum First data breach is one of several incidents to hit mortgage lenders in the past two years, with various ransomware groups taking responsibility for striking a range of companies. In some of the class action suits that followed, transcripts from court proceedings detailed ransom payments.  

Reports of cyber attacks in the past three months alone have come from the likes of wholesale lender Plaza Home Mortgage and reverse specialist Finance of America.  

Despite the frequency of such attacks, cybersecurity experts in past years have noted that the mortgage industry did not appear to be part of a targeted criminal fraud strategy, but represented easy opportunities where perpetrators saw vulnerability.