Impac Mortgage Holdings Data Breach Exposes Social Security Numbers

Irvine, California based Impac Mortgage Holdings disclosed a data breach involving unauthorized access to its computer systems.

On March 20, 2024, Impac Mortgage Holdings identified signs of potential unauthorized access to its computer systems, according to the company's notification to consumers. The company stated that it "promptly launched an extensive investigation to determine the nature and scope of the event." It also worked quickly to secure its systems.

The company reported the incident to federal law enforcement and supported their investigation, according to the notification. Working alongside third-party professionals, the company determined that an unknown actor may have gained access to certain files and folders containing protected information, including names and Social Security numbers.

The unauthorized access took place during a roughly four-week window between Feb. 21, 2024, and March 20, 2024.

The company completed its review and began sending notification letters in late March 2026, roughly two years after the unauthorized access was first detected. The company stated it was "providing this notice in an abundance of caution."

The breach was reported to attorneys general in California and Maine on April 17, 2026, with five Maine residents identified as having been notified of the incident and 11 in Rhode Island.

The company began sending written notifications to affected individuals on March 27, 2026.

Impac Mortgage Holdings' response

Given that Social Security numbers were among the information potentially exposed, Impac Mortgage Holdings is offering affected individuals 12 months of free credit monitoring services through Cyberscout, a TransUnion company. The monitoring package includes single bureau credit monitoring, a single bureau credit report and a single bureau credit score.

Affected individuals are not automatically enrolled in the credit monitoring services and must sign up on their own. To enroll, they can visit the Cyberscout activation page and enter the unique code included in their notification letter.

For questions about the breach or the credit monitoring offer, affected individuals can call the dedicated response line at 833-877-5456, Monday through Friday, 8:00 a.m. to 8:00 p.m. EST, excluding holidays.