PO BOX #26193
9051 Mira Mesa Blvd
San Diego, CA 92196
Substitute Notice for Plaza Security Incident
What happened?
Plaza Home Mortgage, Inc. (“Plaza” or “we”) experienced a security incident involving unauthorized access to one employee’s computer on or around February 17, 2026. Threat actors illegally accessed our information systems without permission. Our security controls immediately informed us about the access, and we took action immediately to shut down the attack. Based on our investigation about this issue, an unauthorized party may have obtained some of your personal information.
What information was involved?
The personal information that may have been accessed may have included your name, address, social security number, birth date, driver’s license or other government identification and information related to mortgage loan applications and servicing.
For employees of Plaza, the personal information that may have been accessed includes an employee’s first name, last name, social security number, date of birth, and username and password for employee accounts.
The personal information that was accessed was not the same for each person and does not always include all the above data elements.
What are we doing?
Upon discovering that threat actors accessed customer and employee personal information, we launched an investigation. We took immediate actions to remove the threat actor from our systems and other security measures to further secure our information systems and your personal information.
We have implemented additional organizational, technical and administrative security measures to prevent the reoccurrence of this security incident and to protect the personal information of our employees and customers.
What can you do?
If you believe that you have been impacted by this incident, you can take action which will help to minimize or eliminate potential harm. We strongly advise you to take preventive measures to help prevent and detect any misuse of your information.
As a first step, we recommend that you closely monitor your financial accounts and if you see any unauthorized activity, you should promptly contact your financial institution.
To further protect yourself from the possibility of identity theft, we recommend that you immediately place a fraud alert on your credit files. A fraud alert conveys a special message to anyone requesting your credit report that you suspect you were a victim of fraud. When you or someone else attempts to open a credit account in your name, the lender should take measures to verify that you have authorized the request. A fraud alert should not stop you from using your existing credit cards or other accounts, but it may slow down your ability to get new credit. An initial fraud alert is valid for ninety (90) days. To place a fraud alert on your credit reports, contact one of the three major credit reporting agencies at the appropriate number listed below or via their website. One agency will notify the other two on your behalf. You will then receive letters from the agencies with instructions on how to obtain a free copy of your credit report from each.
- Equifax (888)766-0008 or https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/
- Experian (888) 397-3742 or www.experian.com
- TransUnion (800) 680-7289 or www.transunion.com
Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit reports periodically can help you spot a problem and address it quickly. You can contact the Federal Trade Commission by calling 1.877.438.4338 (I.877.IDTHEFT) or online at
https://reportfraud.ftc.gov/assistant.
How do I know whether my information was affected?
If you received a letter, then your information may have been affected. We are notifying every person that they could have had information accessed and disclosed to ensure that their personal information is not misused. Not all data which was accessed and disclosed was the same for each person.
I have not received a letter yet. Was I impacted?
We provided notice via U.S. Mail to all those potentially impacted to the extent we had a last known home address. If you did not receive a notice letter and you think you may be impacted, please contact us as indicated below and we will confirm whether your information may have been compromised as a result of this incident. If we determine that your information was compromised we have retained CyEx, a specialist in identity theft prevention, to provide impacted customers and employees with credit monitoring services and identity theft services, free of charge. We will then provide you with information to enroll in this program..
If you did not receive direct communication from Plaza, we do not believe you have been impacted by this incident. If you received a letter in the mail, the letter informs you which information was potentially accessed.
Who to call or contact with questions?
If you have further questions or concerns, please contact the undersigned at this special telephone number
844-953-3450, Monday – Friday 8 a.m. to 11 p.m. and Saturday 9 a.m. to 6 p.m Eastern Time., except holidays.