Us Mortgage Hit With Class-action Suit Over May 2025 Data Breach

A former US Mortgage Corp. employee has filed a class-action complaint against the company following a data breach that occurred in May 2025, claiming that the incident could have been avoided if not for the company’s negligence.

Richard Bernich, who brought the suit individually and on behalf of a proposed class of all individuals in the U.S. whose information was compromised, filed the suit on Monday in the U.S. District Court for the Eastern District of New York.

The lawsuit alleges that an incident where cybercriminals hacked into US Mortgage Corp.’s network and stole sensitive “private information” led to several employees’ personal data being exposed.

The document does not provide a specific date for when Bernich’s employment ended, but it notes that he provided his private information to the company as a condition of his employment” before the data breach.” According to Bernich’s LinkedIn profile, he worked for the company between October 2o10 and February 2014.

The suit says that the purpose of US Mortgage using the data was to “derive economic benefits, including for marketing purposes, and could not operate or profit without that data.”

“In exchange for receiving Plaintiff’s and Class Members’ Private Information, Defendant promised to safeguard the sensitive and confidential data, to use it only for authorized and legitimate purposes, and to delete such information from its systems once there was no longer a need to maintain it,” the suit reads.

The lawsuit also notes a significant delay in public disclosure; while the company reportedly detected suspicious activity on May 14, 2025, it did not notify its employees until March 2026. The root of the breach is omitted from the letter that the company sent to employees.

Bernich claims the breach was a “foreseeable and preventable” result of the defendant’s failure to implement industry-standard security measures, such as data encryption and multifactor authentication.

As a result, the lawsuit alleges that the sensitive data — which includes names, birthdates, government identification numbers, mortgage account details and limited protected health information — has already been disseminated on the “dark web,” placing affected individuals at a lifelong risk of identity theft and financial fraud.

Bernich claims he has already spent significant time and money on credit monitoring services to mitigate the impact of the breach. He is demanding a jury trial.

The legal action asserts claims of negligence, breach of implied contract and unjust enrichment. It seeks class-action certification to represent all affected individuals nationwide, as well as compensatory and punitive damages exceeding $5 million.

Additionally, the suit seeks a court order requiring US Mortgage to overhaul its cybersecurity protocols, including regular testing of its systems and the deletion of unnecessary personal data.

Bernich and his counsel told HousingWire they had no further comments. US Mortgage did not immediately responded to a request for comment.

US Mortgage, founded in 1994, is a direct lender licensed in 49 states and Washington, D.C. The company has provided more than $18 billion in loans to 57,000-plus homeowners since its founding, according to the lawsuit.

Modex data shows that the company has 55 producing loan officers in 22 branch locations and has closed $468 million in mortgages over the past year.