Kaaj Technologies Data Breach Exposes Small Business Loan Data

Kaaj Technologies Inc., a San Francisco-based fintech company, disclosed a data breach involving unauthorized access to its systems. The breach affected loan application data that Kaaj maintained on behalf of its lending industry clients, including Wheel Equipment Leasing, LLC and Ailco Equipment Finance Group Inc.

The breach was disclosed to the South Carolina Attorney General on March 26, 2026, with seven South Carolina residents identified as affected.

What happened in the Kaaj Technologies data breach

On Jan. 13, 2026, Kaaj detected suspicious activity within its environment. The company stated that it launched an investigation with the assistance of third-party forensic specialists to determine the nature and scope of the activity.

The investigation determined that Kaaj's environment was subject to unauthorized access on that date and that some data was copied during the incident. As part of its credit analysis services for lending companies, Kaaj maintained a database containing certain loan application information.

The types of information stored in the affected database varied by individual but generally included applicants' names, addresses and Social Security numbers. Kaaj stated that the raw loan package files provided by its clients were not stored in the affected database and were not impacted by this incident.

So far, two separate notification letters were filed with state regulators regarding this incident. One was sent directly by Kaaj to individuals whose information was processed on behalf of Wheel Equipment Leasing. The other was sent by Ailco Equipment Finance Group, which identified Kaaj as its service provider.

Kaaj Technologies' response to the breach

Kaaj is providing affected individuals with complimentary credit monitoring and identity protection services through Experian IdentityWorks at no cost. The services include an Experian credit report at signup, ongoing credit monitoring of the individual's Experian file for indicators of fraud, identity restoration support and $1 million in identity theft insurance.

Affected individuals must enroll in Experian IdentityWorks by June 30, 2026.

Kaaj has set up a dedicated phone line for individuals who have questions about the breach. The number is 833-745-2427, available Monday through Friday, 8 a.m. to 8 p.m. Central Time, excluding major U.S. holidays. Individuals may also write to Kaaj at 95 Third St., Second Floor, San Francisco, CA 94103.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) to help prevent new accounts from being opened using stolen personal information.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts, hard inquiries or other suspicious activity.
• Monitor bank and financial account statements for unauthorized transactions and report any suspicious activity to the financial institution right away.
• Be cautious of phishing attempts that reference Kaaj Technologies, Wheel Equipment Leasing, Ailco Equipment Finance Group or this specific breach, as scammers sometimes use breach notifications to trick people into sharing additional personal information.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338 and consider filing a police report if identity theft is confirmed.