Benworth Capital Partners PR LLC is a licensed lender in Florida that describes itself as a “hard money lender.” Benworth claims they make the decisions to fund hard money loans “based on our unique criteria that’s a lot different than a bank, credit union, or mainstream online lender. The funds used for our hard money loans are from private investors who believe in the potential of real estate as much as we do. We consider three main factors when making a loan decision:
- The borrower’s ability to repay the loan, primarily income earned from employment.
- The value of the property.
- The borrower’s equity in the property. For a purchase, this means the downpayment amount. For a refinance equity is the value of the property less the balance in a current mortgage.
On September 16, Benworth Capital (“Benworth”) sent notification letters to those affected by a cybersecurity incident that occurred on or about May 18, 2025. Benworth’s letter states that they believe the incident happened when a criminal actor accessed certain components of their systems through an unnamed third-party service provider.
Benworth negotiated with the unnamed threat actors for the return and deletion of the stolen files and has been monitoring the dark web and other sources. As of their September 16 letter, they found no indication that any of the data or information had been disseminated.
The affected files included loan-related information such as borrower name (which may be an individual or a business name), address, the taxpayer identification number provided (which may be an employer identification number or Social Security number), phone number, loan account number, maturity date, closing date, and loan amount.
Benworth states that in response to the breach, they have worked diligently to address the vulnerability and establish a high level of confidence that the threat has been contained and that system security has been restored.
“As part of our ongoing commitment to information security, we continue to look for ways to improve our processes and procedures, both internally and with respect to our service providers, and to evaluate and, when appropriate, implement additional measures to protect against this type of incident in the future,” they state. In addition, they offered those affected identity theft protection services of IDX.
A copy of Benworth’s letter was submitted to the California Attorney General’s Office on October 31.
As of today, no group has publicly claimed responsibility for the attack or leaked any of the data.
Although the total number of individuals affected by this incident has not been publicly disclosed, 943 Oregon residents, 22,895 Texas residents, and 1,230 Massachusetts residents were reportedly affected.