Back to Blog
high severity June 15, 2026 · scope unconfirmed

Optimum First Mortgage Listed by pear Ransomware Group

Providing fast and reliable mortgage solutions, including home purchases and refinancing options

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 15, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 15, 2026, the pear Ransomware Group added Optimum First Mortgage to its public leak site, confirming that internal files had been exfiltrated from the mortgage lender during a ransomware attack. Customers who used the company for home purchases or refinancing may have had sensitive personal and financial documents exposed.

Confirmed Facts from Reporting

Public reporting indicates the incident stems from a ransomware deployment at Optimum First Mortgage, a firm that offers home purchase and refinancing services. The pear Ransomware Group listed the company on its dark-web leak page on June 15, 2026, stating that internal files had been stolen. Exact victim counts remain undisclosed, and the precise volume or types of records taken have not been independently verified. Available reporting describes the exposed material as internal files, which in similar incidents often include customer loan applications, Social Security numbers, bank details, tax forms, and internal correspondence.

Why This Matters for You and Your Family

If you or anyone in your household has worked with Optimum First Mortgage, your private financial information could now sit on a criminal marketplace. Mortgage records typically contain names, addresses, dates of birth, Social Security numbers, employment history, income figures, bank account numbers, and loan details. Once this data reaches the wrong hands, it can fuel identity theft, fraudulent loan applications, or unauthorized access to your existing accounts. Your family’s exposure does not end at one company; a single breach like this often becomes the starting point for broader targeting that can affect credit scores, tax filings, and even children’s records years later.

The Doxxing and Identity-Chain Implications

Stolen mortgage files rarely stay isolated. Attackers routinely cross-reference names and addresses with usernames, email addresses, phone numbers, and gaming handles found in other leaks. This creates an identity chain that links your real-world identity to online accounts. Public reporting shows these chains frequently lead to doxxing, where personal details are published alongside family photos, children’s names, or school information. Credential leaks of this nature also cascade into account takeovers, especially for gaming platforms where children often reuse email addresses or passwords. A compromise at a mortgage company can therefore place both adult and children’s gaming accounts at risk of hijacking and further data exposure.

Pear Ransomware Group’s Track Record

Public reporting attributes the pear Ransomware Group with emerging in late 2024. The group has listed dozens of organizations on its leak site, focusing primarily on small and mid-sized businesses across the United States. Its typical playbook involves initial access through phishing or exploited remote desktop protocols, followed by data exfiltration before encryption. The group then demands payment and, upon non-payment, publishes samples or full datasets on its onion site to pressure victims. Reporting notes that pear’s extortion style relies on public shaming and the implicit threat that stolen data will be sold or repurposed by other criminals.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real identity so you can see exactly what chains exist from this breach.
  • Rotate the password used at Optimum First Mortgage anywhere it is reused and enable 2FA through an authenticator app rather than text messages.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours, not months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same addresses and emails.
  • Let remediation specialists handle takedown requests across data brokers and exposed profiles while you focus on securing your own accounts.

The Optimum First Mortgage listing on the pear leak site is a reminder that your family’s financial history can surface on criminal forums without warning. Taking concrete steps now limits how far attackers can travel down the identity chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists, with household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to gain visibility and control before the next wave of misuse begins.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.