McLean Mortgage notifies 30K people of data breach that compromised SSNs, financial accounts

McLean Mortgage Corporation yesterday confirmed it notified 30,453 people of an October 2024 data breach that compromised names, Social Security numbers, driver’s license numbers, and financial account numbers.

Ransomware gang Black Basta took credit for the attack in November 2024, when it gave McLean one week to pay an undisclosed amount in ransom. To prove its claim, Black Basta posted an images of what it says are files stolen from McLean.

McLean has not verified Black Basta’s claim. We do not know if McLean paid a ransom, how much Black Basta demanded, or how attackers breached McLean’s network. Comparitech contacted McLean for comment and will update this article if it replies.

“On May 12, 2025, McLean learned that some of your personal information may have been affected by a data security incident,” says the company’s notice to victims. “McLean first identified suspicious activity within its digital systems on or around October 17, 2024, and immediately engaged a team of cybersecurity experts to investigate and help determine whether any sensitive data may have been impacted. The investigation revealed that certain files within our network may have been downloaded without authorization.”

McLean’s website was taken down after the attack and is still offline at time of writing.

McLean is offering eligible victims 12 months of free credit monitoring through IDX. The deadline to enroll is September 11, 2025.

Who is Black Basta?

Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims both for a key to restore infected systems and for not selling or publicly releasing stolen data.

Black Basta has not claimed responsibility for any new attacks since January 2025. Evidence suggests the group might have rebranded or spun off into a new group, Warlock. Warlock recently took credit for two breaches that Black Basta had previously claimed.

Since 2022, Black Basta has claimed 168 confirmed ransomware attacks, compromising more than 11.7 million records.

Black Basta was especially active in October 2024. That month, it claimed credit for a number of breaches in addition to McLean:

• Andy Frain Services notified 100,964 people of an October 2024 data breach
• Weber Packaging Solutions reported an October 2024 data breach
• Law firm Gleason, Flynn, Emig, and McAfee reported an October 2024 data breach

Ransomware attacks on US finance

In 2024, Comparitech researcher logged 74 confirmed ransomware attacks on US finance companies, compromising 36 million records. That figure is a sharp increase from 2023, which saw 62 attacks compromise 28 million records.

Other recently confirmed attacks on financial businesses include:

• Liberty Tax Service reported a March 2025 data breach claimed by LeakedData
• Precision tax Relief notified 7,831 people of an April 2025 attack claimed by Akira
• Optima Tax Relief reported a cyber attack claimed by Chaos

In 2025 to date, we’ve tracked 10 confirmed attacks on US finance firms, plus 98 unconfirmed claims that haven’t been publicly acknowledged by the attacked companies.

About McLean Mortgage Corporation

McLean is a mortgage lender founded in 2008 and founded in Fairfax, Virginia. It was ranked among the top lenders in the Washington, DC area in 2021 with a mortgage volume of $3.5 billion, according to external sources.