LendUS
Company Details
Linkedin ID:
lendusfamily
Employees number:
87
Number of followers:
5,316
NAICS:
52
Industry Type:
Homepage:
crosscountrymortgage.com
IP Addresses:
0
Company ID:
LEN_1945929
Scan Status:
In-progress
LendUS Company CyberSecurity Posture
crosscountrymortgage.com
LendUs Family is now CrossCountry Mortgage, LLC. NMLS3029
LendUS A.I CyberSecurity Scoring
LendUS Risk Score (AI oriented)Between 700 and 749
LendUS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
LendUS Global Score (TPRM)XXXX
LendUS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
LendUS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
LendUS
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The employee email accounts of LendUS were accessed by an unauthorized person at various times between February 2 to March 22, 2021. The compromised accounts contained the attachment containing the personal information of its employees and customers including names, financial and payment card account information; medical and health insurance information. LendUS after the complete investigation of the attack notified the impacted individuals and offered free credit monitoring services for those who requested it.
LendUS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for LendUS
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for LendUS in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for LendUS in 2025.
Incident Types LendUS vs Financial Services Industry Avg (This Year)
No incidents recorded for LendUS in 2025.
Incident History — LendUS (X = Date, Y = Severity)
LendUS cyber incidents detection timeline including parent company and subsidiaries
LendUS Company Subsidiaries
LendUs Family is now CrossCountry Mortgage, LLC. NMLS3029
Loading...
LendUS Similar Companies
KPMG US
KPMG is one of the world’s leading professional services firms and the fastest growing Big Four accounting firm in the United States. With 75+ offices and more than 40,000 employees and partners throughout the US, we’re leading the industry in new and exciting ways. Our size and strength make us muc
Lincoln Financial
Lincoln Financial (NYSE: LNC) helps people to confidently plan for their version of a successful future. We focus on identifying a clear path to financial security, with products including annuities, investments, life insurance, group protection, and retirement plan services. With our 120-year trac
Nomura
Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Inves
Credicorp
Somos el grupo financiero líder en el Perú con una vasta experiencia en el mercado peruano. Contamos con una sólida plataforma de Banca Comercial reforzada por una importante presencia en Banca de Inversión en Latinoamérica destinada a desarrollar el potencial de la región y acompañar a nuestros cli
Raymond James
Founded in 1962 and a public company since 1983, Raymond James Financial, Inc. is a Florida-based diversified holding company providing financial services to individuals, corporations and municipalities through its subsidiary companies engaged primarily in investment and financial planning, in addit
KBC Bank & Verzekering
Welkom op de officiële LinkedIn-pagina van KBC! Bekijk onze vacatures op de tab ‘Vacatures’. KBC is een geïntegreerde bank-verzekeraar die zich hoofdzakelijk richt op particulieren en privatebankingcliënten, en op kleine en middelgrote ondernemingen. KBC heeft een leidende positie in zijn thuisma
Pru Life UK
With 26 years of operations in the Philippines, we have the largest agency force of more than 39,000 licensed financial advisers ready to listen, understand and deliver. We are an innovative force in the life insurance industry who pioneered investment-linked or unit-linked insurance in the Philippi
LSEG
LSEG (London Stock Exchange Group) is a diversified international markets infrastructure business —earning our clients’ trust for over 300 years. That legacy of customer-focused excellence ensures that you can rely on our expertise in capital formation, intellectual property and risk and balance she
Vanguard
Join us as we celebrate 50 years of empowering our 50 million investor-owners.* Since our founding in 1975, we’ve been on a mission to help investors achieve their goals. With no outside shareholders to answer to, we make decisions—including keeping investing costs as low as possible—with our clien
.png)
LendUS CyberSecurity News
January 27, 2023 08:00 AM
LendUS agrees to settlement in data breach lawsuit
Mortgage lender LendUS reached a settlement this week to resolve a legal case tied to a 2021 cyber attack that revealed personal...
January 25, 2023 08:00 AM
LendUS data breach class action settlement
LendUS LLC agreed to a class action lawsuit settlement to resolve claims it failed to protect consumers from a 2021 data breach.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
LendUS CyberSecurity History Information
Official Website of LendUS
The official website of LendUS is https://crosscountrymortgage.com/.
LendUS’s AI-Generated Cybersecurity Score
According to Rankiteo, LendUS’s AI-generated cybersecurity score is 730, reflecting their Moderate security posture.
How many security badges does LendUS’ have ?
According to Rankiteo, LendUS currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does LendUS have SOC 2 Type 1 certification ?
According to Rankiteo, LendUS is not certified under SOC 2 Type 1.
Does LendUS have SOC 2 Type 2 certification ?
According to Rankiteo, LendUS does not hold a SOC 2 Type 2 certification.
Does LendUS comply with GDPR ?
According to Rankiteo, LendUS is not listed as GDPR compliant.
Does LendUS have PCI DSS certification ?
According to Rankiteo, LendUS does not currently maintain PCI DSS compliance.
Does LendUS comply with HIPAA ?
According to Rankiteo, LendUS is not compliant with HIPAA regulations.
Does LendUS have ISO 27001 certification ?
According to Rankiteo,LendUS is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of LendUS
LendUS operates primarily in the Financial Services industry.
Number of Employees at LendUS
LendUS employs approximately 87 people worldwide.
Subsidiaries Owned by LendUS
LendUS presently has no subsidiaries across any sectors.
LendUS’s LinkedIn Followers
LendUS’s official LinkedIn profile has approximately 5,316 followers.
NAICS Classification of LendUS
LendUS is classified under the NAICS code 52, which corresponds to Finance and Insurance.
LendUS’s Presence on Crunchbase
No, LendUS does not have a profile on Crunchbase.
LendUS’s Presence on LinkedIn
Yes, LendUS maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/lendusfamily.
Cybersecurity Incidents Involving LendUS
As of December 05, 2025, Rankiteo reports that LendUS has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
LendUS has an estimated 30,049 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at LendUS ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does LendUS detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with credit monitoring services, and communication strategy with notified impacted individuals..
Incident Details
Can you provide details on each incident ?
Title: LendUS Email Account Breach
Description: The employee email accounts of LendUS were accessed by an unauthorized person at various times between February 2 to March 22, 2021. The compromised accounts contained attachments with personal information of employees and customers, including names, financial and payment card account information, medical and health insurance information.
Type: Data Breach
Attack Vector: Email Account Access
Vulnerability Exploited: Compromised Email Accounts
Threat Actor: Unauthorized Person
Motivation: Data Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email Accounts.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach LEN12185522
Data Compromised: Personal information, Financial information, Payment card account information, Medical information, Health insurance information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Financial Information, Payment Card Account Information, Medical Information, Health Insurance Information and .
Which entities were affected by each incident ?
Incident : Data Breach LEN12185522
Entity Name: LendUS
Entity Type: Company
Industry: Financial Services
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach LEN12185522
Remediation Measures: Credit Monitoring Services
Communication Strategy: Notified impacted individuals
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach LEN12185522
Type of Data Compromised: Personal information, Financial information, Payment card account information, Medical information, Health insurance information
Sensitivity of Data: High
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Credit Monitoring Services, .
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach LEN12185522
Investigation Status: Completed
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified impacted individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach LEN12185522
Customer Advisories: Offered free credit monitoring services
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Offered free credit monitoring services.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach LEN12185522
Entry Point: Email Accounts
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized Person.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were personal information, financial information, payment card account information, medical information, health insurance information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were health insurance information, personal information, medical information, financial information and payment card account information.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Offered free credit monitoring services.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email Accounts.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). This vulnerability is fixed in 2.0.3.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted straight into the DOM. If they contain HTML tags, they will be rendered (after some escaping using quotes and textarea tags).
Risk Information
cvss4
Base: 7.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
Risk Information
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Description
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
Risk Information
cvss4
Base: 8.0
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=lendusfamily' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
