
Kaaj Technologies Data Breach Investigation

When you apply for a business loan, you hand over some very sensitive information. Your name, your address, your Social Security number. You do it because you have to, and because you trust that the company on the other end is taking reasonable steps to protect it. For thousands of small business owners who applied for financing through lenders using Kaaj Technologies, that trust may have been compromised. Contact our data breach lawyers to review your claim. 

What Is Kaaj Technologies?

Kaaj Technologies is a San Francisco-based fintech company that builds AI-powered credit analysis tools for lenders and brokers in the small business lending space. Rather than working directly with borrowers, Kaaj operates behind the scenes, powering the platforms that financial companies use to review and process loan applications. That behind-the-scenes role is exactly what makes this breach so significant. Many affected individuals may never have heard of Kaaj Technologies, yet the company was holding some of their most sensitive personal data.

What Happened at Kaaj?

On January 13, 2026, an unauthorized party gained access to Kaaj Technologies’ computer systems and copied data from its environment. Kaaj discovered the anomalous activity, launched a forensic investigation, and eventually determined the scope of what had been accessed.

Ailco Equipment Finance Group, an equipment financing company that used Kaaj’s platform to process small business loan applications, learned of the incident on February 11, 2026. Breach notification letters were sent to affected individuals on March 26, 2026, and the breach was reported to the attorneys general of California, Massachusetts, Vermont, Oregon, Texas, and several other states. The personal information potentially exposed includes:

  • Full names
  • Home addresses
  • Social Security numbers

Why a Social Security Number Breach Is Critical

There is a meaningful difference between a company exposing your email address and a company exposing your Social Security number. An email address can be changed. A Social Security number cannot. Once that nine-digit number is in the wrong hands, it can be used to open fraudulent credit accounts, file false tax returns, claim government benefits, and create financial chaos that can follow a person for years.

For small business owners already managing tight margins and complex finances, the fallout from identity theft can be especially damaging. The concern is not just what a bad actor might do today. It is what they might do six months or two years from now, when you have long since moved on and stopped watching as closely.

What Is Being Offered to Affected Individuals

Kaaj Technologies is providing affected individuals with complimentary credit monitoring and identity protection services through Experian IdentityWorks. The package includes monitoring of the individual’s Experian credit file, access to identity restoration specialists, and up to one million dollars in identity theft insurance coverage. The deadline to enroll is June 30, 2026.

It is reasonable to take advantage of these services. It is equally reasonable to understand that accepting them does not give up any legal rights you may have. These offerings are a starting point, not a resolution.

Your Rights Under California Law

California has built some of the most comprehensive consumer privacy protections in the country. Under the California Consumer Privacy Act, companies are required to implement and maintain reasonable security measures to protect personal information. When they fail to do so and a breach occurs, affected individuals may have grounds for a legal claim.

California law also sets strict timelines for breach notification. Effective January 1, 2026, companies must notify affected California residents within 30 calendar days of discovering a breach, and must alert the California Attorney General within 15 days of notifying consumers if more than 500 residents are affected.

In this case, Ailco documented that it learned of the incident on February 11, 2026. Notification letters did not go out until March 26, 2026, a gap of more than 40 days. Whether that timeline satisfies California’s current requirements is a question worth examining closely.

Why You Should Speak With a Data Breach Attorney

A data breach notice in your mailbox is not just an inconvenience. It is documentation that a company entrusted with your personal information failed to adequately protect it. Depending on the circumstances, you may be entitled to compensation for the harm caused, including costs related to identity theft, the time and effort spent addressing fraudulent activity, and the stress of knowing your most sensitive information is in unknown hands.

If your information was exposed in the Kaaj Technologies breach, contact The Lyon Firm today for a free, no-obligation consultation. You deserve answers, and you deserve someone in your corner.
