American First Finance Data Breach Affects 689,000

On June 18, 2025, American First Finance, LLC (AFF) discovered a data breach that affected approximately 689,000 individuals across the United States. The cybersecurity incident occurred between May 31, 2024, and June 3, 2024 and was the result of unauthorized access by a former employee of FinWise Bank, a partner institution that works closely with AFF to provide installment loans and related financial services.

The former employee accessed sensitive data after their employment had ended. The compromised information included personally identifiable information (PII). Exposed data may include names, addresses, dates of birth, Social Security numbers and financial account information.

Consumers who have had, or applied for, a FinWise loan, a lease-to-own account, or a retail installment sales agreement account with American First Finance, may have been impacted by this cybersecurity incident. Affected individuals includes 108,069 in Texas and 208 Maine residents.

American First Finance began notifying impacted individuals on July 29, 2025. The data breach was disclosed to multiple Attorney Generals' offices beginning on Sept. 12, 2025, including California, Maine, Texas and Massachusetts.

American First Finance's response

In addition to required state and federal disclosures, AFF is offering impacted individuals 12 free months of free credit monitoring and identity theft protection services.

If you receive notification from FinWise Bank and American First Finance about this breach, you may want to:

• Sign up for the free credit monitoring identity theft protection services, offered by the companies.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the finance company, visit the American First Finance website.