Skip to main content
House House House House House House

Cornerstone First Mortgage Data Breach

Written by Joseph Lyon on . Posted in Data Breach.

A data breach tied to Cornerstone First Mortgage LLC has raised serious concerns for homeowners and borrowers whose sensitive personal information may have been sitting in the hands of unauthorized parties for over two years without their knowledge. The breach itself occurred sometime in July or August of 2023, yet the company did not discover it until September 2025 — and formal reporting to the Massachusetts Attorney General’s office did not occur until March 5, 2026. Contact our data breach lawyers to learn more. 

What Info was Leaked at Cornerstone First Mortgage?

Cornerstone First Mortgage is a full-service mortgage lender and broker headquartered in San Diego, California. The company handles in-house processing, underwriting, and funding for residential loans, serving clients across 47 states and 50 metro areas. Founded in 2007 and employing over 350 people, the company markets itself on efficiency and customer trust — values that its data security practices appear to have fallen significantly short of.

According to current disclosures, Social Security numbers are the only confirmed category of exposed data. At least 73 individuals in Massachusetts were identified as affected, though the full scope of the breach across all states remains unclear. Given the company’s national reach and California headquarters, the number of impacted borrowers is almost certainly far greater than what has been formally disclosed so far.

Why a Two-Year Gap Is a Major Problem

When a company processes mortgage applications, it holds some of the most sensitive financial data imaginable — names, income figures, employment history, and Social Security numbers. Cornerstone First Mortgage held that data and, according to current disclosures, failed to detect unauthorized access for roughly two years. During that window, bad actors potentially had ample time to exploit stolen Social Security numbers for identity theft, fraudulent tax filings, unauthorized credit applications, and more.

Under California law, companies that collect personal data have affirmative obligations to protect it and to notify affected individuals promptly once a breach is discovered. A detection gap of this magnitude raises serious questions about the adequacy of Cornerstone’s cybersecurity infrastructure and internal monitoring systems.

What Should Cornertsone Borrowers Do Now?

If you took out a mortgage through Cornerstone First Mortgage or its predecessor company, Cornerstone First Mortgage Inc., here are immediate steps worth taking. Place a credit freeze with all three major bureaus — Equifax, Experian, and TransUnion. Review your credit reports for unfamiliar accounts or inquiries. File a report with the FTC at IdentityTheft.gov. And critically, speak with a data breach attorney about whether you have a claim.

Why Hire The Lyon Firm?

The Lyon Firm has a proven track record of holding corporations accountable when they fail to protect the people who trusted them with sensitive personal information. Data breach litigation is nuanced — it requires understanding both the technical dimensions of how a breach occurred and the legal landscape governing consumer privacy rights.

The Lyon Firm combines that expertise with a genuine commitment to results for individual clients, not just settlements that benefit attorneys. The firm handles cases on a contingency basis, meaning clients pay nothing unless compensation is recovered. If your Social Security number was exposed in the Cornerstone First Mortgage breach, you deserve to know your rights — and to have a firm that will aggressively pursue them on your behalf.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.