What Happened in the Optimum First Mortgage Data Breach?
Optimum First Mortgage, a California-based mortgage lender, is now facing scrutiny after a threat group claimed responsibility for stealing a massive volume of company data. On June 19, 2026, a group known as PEAR posted on the dark web that it had obtained 9.3 terabytes of information from the company. This is a significant amount of data, and the posting reportedly includes both client and employee records.
According to the claims, the stolen data spans several categories. These reportedly include financial records, human resources files, client personal and financial details, and protected health information. The posting also allegedly contains mailboxes, email correspondence, database exports, and files stored on OneDrive. Because Optimum First Mortgage operates across 15 states, the potential reach of this incident could be broad.
At this time, the exact date when unauthorized access began has not been publicly disclosed. Similarly, the date the company first became aware of the intrusion remains unknown. As a result, it is difficult to determine how long the attackers may have had access to internal systems before the breach was discovered.
It’s also worth noting that PEAR’s claims have not been independently verified. However, the breadth and specificity of the data categories listed suggest a serious compromise. Until Optimum First Mortgage or an independent investigator confirms the scope, affected individuals should treat the situation with caution.
Who was affected?
Based on the nature of the claimed data, this breach could affect both current and former clients of Optimum First Mortgage, as well as company employees. Clients seeking or holding mortgages with the company may have had sensitive financial and personal details exposed. Meanwhile, employees could be affected through compromised human resources records.
The total number of individuals potentially impacted has not been publicly disclosed. Because Optimum First Mortgage operates in Arizona, California, Colorado, Florida, Idaho, Illinois, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Virginia, and Washington, the affected population could span a wide geographic area. This multi-state footprint means the breach isn’t limited to a single region or customer base.
In addition, the presence of protected health information in the claimed data suggests some individuals may have submitted health-related documentation as part of their mortgage applications. This is common in certain loan underwriting processes. Consequently, the scope of exposure may go beyond typical financial details.
What Information Was Potentially Exposed?
The data allegedly stolen by PEAR covers a wide array of sensitive categories. Because the breach reportedly touches both client and employee records, the potential exposure is extensive. Below is a summary of the information categories referenced in the dark web posting.
- Clients’ personally identifiable information (PII)
- Clients’ private financial details
- Protected health information (PHI)
- Human resources records
- Company financial data
- Email correspondence and mailboxes
- Database exports
- OneDrive stored files
If confirmed, this combination of data creates serious risk for those affected. Financial details paired with personal identifiers can enable identity thieves to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. Because mortgage applications often include Social Security numbers and income information, the stakes are particularly high for clients.
Additionally, the presence of protected health information raises concerns about medical identity theft. This type of fraud can lead to incorrect medical records or fraudulent insurance claims. For employees, exposed HR records could reveal payroll details, benefits information, or other sensitive workplace data that scammers could exploit.
What is the company doing?
As of June 25, 2026, Optimum First Mortgage has not issued any public statement addressing the incident. It remains unclear whether the company has started notifying affected individuals. Similarly, there is no confirmation regarding law enforcement involvement or the engagement of a cybersecurity firm to investigate.
Because official communication has been limited, affected individuals currently have little guidance from the company itself. However, this could change as more details emerge. In the meantime, individuals who suspect they may be affected should contact Optimum First Mortgage directly for updates and reach out with any questions about their personal data.
What Should Affected Individuals Do?
Monitor Your Credit Reports Closely
Given the alleged exposure of financial and personal information, checking your credit reports regularly is essential. You can request free reports from each of the three major credit bureaus through AnnualCreditReport.com. Reviewing these reports helps you catch unauthorized accounts or inquiries early.
If you notice unfamiliar activity, report it immediately to the credit bureau and consider filing a police report. Early detection often makes a significant difference in limiting financial damage. For this reason, it’s wise to check your reports more frequently than usual during the months following this incident.
Consider a Fraud Alert or Credit Freeze
Because the breach reportedly includes financial and personally identifiable information, placing a fraud alert on your credit file is a smart precaution. A fraud alert requires lenders to take extra steps to verify your identity before opening new credit. This can slow down or prevent fraudulent account openings.
Alternatively, a credit freeze offers even stronger protection by restricting access to your credit file entirely. While a freeze requires you to temporarily lift it when applying for new credit yourself, it provides strong defense against identity thieves. Both options are free and can be requested directly from each credit bureau.
Watch for Signs of Medical Identity Theft
Since the claimed data includes protected health information, it’s important to review any medical statements or insurance explanations of benefits carefully. Look for services or treatments you don’t recognize. Unfamiliar charges could indicate someone has used your identity to obtain medical care.
If you spot suspicious activity, contact your health insurance provider right away. In addition, request copies of your medical records periodically to confirm they remain accurate. Catching discrepancies early can prevent long-term complications with your health records and insurance coverage.
Stay Alert for Phishing Attempts
Following a data breach, scammers often use stolen information to craft convincing phishing emails or phone calls. These messages may pretend to be from Optimum First Mortgage, a bank, or a government agency. Because the attackers may have access to real personal details, these scams can appear unusually legitimate.
To protect yourself, avoid clicking links or providing information in unsolicited messages. Instead, verify any request by contacting the organization directly using a known phone number or website. This simple habit can prevent you from falling victim to follow-up scams tied to this breach.
Keep Records and Consider Legal Options
If you experience financial losses or identity theft linked to this breach, keep detailed records of all related communications and expenses. This documentation can support any claims you may need to file later. It also helps demonstrate the impact the breach had on your personal situation.
Because data breach laws vary by state, consulting a data breach attorney can help clarify your options. Many attorneys offer free case evaluations to determine whether you may be eligible for compensation. This step costs nothing upfront and can provide clarity on your legal rights.
