Mortgage Investors Group Data Breach Exposes SSNs and Financial Info

On December 11, 2024, Mortgage Investors Group (MIG), a prominent residential mortgage lender in the Southeast, experienced a cybersecurity incident that compromised its network infrastructure. The breach was discovered on December 12, 2024, prompting MIG to engage a specialized cybersecurity firm to conduct a comprehensive forensic investigation.

This investigation revealed that an unauthorized user had gained access to MIG’s computer environment, potentially exposing sensitive personal information of numerous individuals, including name, driver's license number, Social Security number, financial account information, and credit or debit card numbers.

The number of individuals affected is not yet known, but the breach has reportedly affected 32 Massachusetts residents and 6 Rhode Island residents. As this is an ongoing investigation, this page will be updated with additional information as it becomes available.

MIG has disclosed this incident to the Massachusetts Office of Consumer Affairs and Business Regulation. The company has also posted a Cybersecurity Incident Notification on its website and notified impacted individuals by mail on Dec. 30, 2025.

Mortgage Investors Group's Response

In response to the data breach, Mortgage Investors Group has taken several proactive measures. The company has engaged a vendor to identify the affected individuals and the specific types of information compromised. This identification process is expected to take several weeks.

Upon completion, MIG will notify all affected individuals directly via U.S. First Class mail. The notification will include details about the incident and steps to protect their information. Additionally, MIG is offering complimentary credit monitoring and related services through Cyberscout, a TransUnion company, to assist those impacted by the breach.

Given the nature of the breach, it is crucial for affected individuals to monitor their financial statements and credit reports closely. MIG recommends updating passwords, especially if the same password is used across multiple accounts, to enhance security.