YouLend Discloses Data Breach After Unauthorized Network Access Exposed Social Security Numbers

YouLend says unauthorized access to its network between June 5 and June 9, 2026 resulted in the acquisition of files containing names, dates of birth, and Social Security numbers.
YouLend logo on a dark blue background with abstract digital graphics.

YouLend US LLC has disclosed a data breach after detecting unauthorized access to its network, revealing that files containing sensitive customer information were acquired during a four-day intrusion in June 2026.

According to a notification filed with the California Attorney General and sent to affected individuals, YouLend identified suspicious activity on June 9, 2026, after receiving alerts of a disruption affecting its computer network. An investigation conducted with external cybersecurity specialists determined that an unauthorized party accessed the company’s systems between June 5 and June 9, 2026, and acquired certain files containing personal information.

Social Security numbers among exposed data

YouLend said the compromised information includes affected individuals’ names, dates of birth, and Social Security numbers. The company stated it has no evidence that the exposed information has been misused for fraud or identity theft.

The notification does not disclose how many people were affected by the incident. The breach notice also does not identify the threat actor responsible or describe how the attackers initially gained access to the company’s environment.

Company response

According to the notification, YouLend secured its systems after discovering the intrusion, engaged outside cybersecurity specialists to investigate the incident, and reported the matter to federal law enforcement and other authorities.

The company is offering affected individuals 12 months of complimentary credit monitoring and identity protection services through Cyberscout, a TransUnion company specializing in fraud assistance and remediation.

YouLend had not issued any additional public statement about the incident at the time of publication beyond the legally required breach notification.

Investigation continues

The breach was reported to the California Attorney General on July 15, 2026, alongside a sample notification letter sent to affected individuals. While the notification confirms that personal information was acquired during the intrusion, YouLend said there is currently no evidence that the exposed data has been used for identity theft or other fraudulent activity.

Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map