A major data breach at American First Finance, LLC has exposed sensitive information for nearly 700,000 customers.
The breach, which occurred on May 31, 2024, was discovered over a year later on June 18, 2025. An ex-employee of the financial services firm is responsible for the unauthorized access, raising serious questions about insider threats and data security at the company.
Scope and Discovery of the Breach
American First Finance, based at 3100 Olympus Blvd., Suite 300 in Dallas, Texas, learned of the breach when its security team detected unusual activity on internal systems.
The compromised records include names or other personal identifiers combined with additional customer information. In total, 689,000 individuals nationwide were affected, including 208 residents of Maine.
Because the number of affected Maine residents did not exceed 1,000, the firm was not required to notify consumer reporting agencies in that state.
The breach remained undetected for more than a year. Investigators believe the ex-employee took advantage of legitimate access privileges to download customer data.
After uncovering the incident in mid-June 2025, the company immediately launched a forensic review and notified law enforcement.
On July 29, 2025, American First Finance began notifying customers via electronic communication. A detailed notice was sent to all affected individuals, including those in Maine.
The notification outlined the nature of the breach, the types of data exposed, and steps customers could take to protect themselves. A copy of the notice to Maine residents is available in a public filing.
To help safeguard customers, American First Finance is offering 24 months of identity theft protection and credit monitoring services through IDX.
This service includes continuous credit report reviews, fraud alerts, and identity restoration support. Affected customers can enroll at no charge and receive guidance on monitoring their credit and spotting signs of identity fraud.
Jason Griggs, Associate General Counsel for American First Finance, submitted the breach notification and assured customers that the company is taking steps to strengthen internal controls.
The firm is reviewing its access protocols, enhancing monitoring of employee activity, and providing additional training on data security.
While the firm has no record of previous breaches within the last 12 months, this incident underscores the importance of vigilant insider threat management.
Customers are encouraged to review their credit reports regularly, enroll in the offered protection services, and report any suspicious activity.
American First Finance remains committed to transparency and protecting customer information.
As investigations continue, the company has pledged to keep regulators and affected individuals informed of any new developments.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
Source link
