Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

360training.com Data Breach

360training.com’s MEC website was breached between November 25 and November 26, 2025, affecting 24,594 individuals, including 49 Maine residents. Affected individuals should monitor their accounts and consider legal action for potential damages.

360training.com
Date of Breach: November 25, 2025 – November 26, 2025
CAU logo

Who was affected:

Clients of 360training.com

Impacted Data:

Personal Identification Information

Financial Information

360training.com, Inc., the operator of the Mortgage Educators and Compliance (“MEC”) website, recently reported a significant data breach that potentially exposed sensitive customer information, including credit card details, affecting 24,594 individuals, including 49 residents of Maine. The breach occurred in late 2025 and involved unauthorized access to MEC’s website.

360training.com Data Breach Investigation

360training.com, Inc. discovered suspicious activity on the Mortgage Educators and Compliance (MEC) website around November 25, 2025. Upon investigating the incident, it was determined that an unauthorized party had added a malicious script to the website. This script was designed to send customers’ credit card data to an unauthorized Google Analytics account controlled by the cyber attacker.

The breach affected individuals who made course purchases on the mortgageeducators.com website during a specific period. MEC acted quickly, removing the script and reporting the misuse to Google Analytics. Following the discovery, the company worked diligently to compile a list of impacted customers, obtain address information, and notify those affected by the incident. The final list of affected individuals was completed on January 19, 2026.

While MEC reports that there is no evidence of misuse of the exposed data, the breach still raises significant concerns due to the involvement of highly sensitive financial and personal information. In response, 360training.com is offering affected individuals complimentary credit monitoring and identity protection services, along with guidance on protecting their information from potential fraud or identity theft.

When Did This Breach Occur?

According to the breach notification:

  • Date(s) the Breach Occurred: November 25, 2025 – November 26, 2025

  • Date the Breach Was Discovered: November 26, 2025

The breach occurred between November 25 and November 26, 2025, with MEC discovering and responding to the incident promptly.

What Information Was Breached?

The information exposed during the breach potentially includes:

  • Personal Identification Information: Name, address

  • Financial Information: Credit card numbers (excluding security codes, access codes, and expiration dates)

  • Other Sensitive Information: Health insurance information or government identifiers, if included in the transaction details

The breach affects 24,594 individuals, including 49 residents from Maine, who may have had their sensitive data compromised.

What You Can Do

If you were notified by 360training.com about this breach, consider taking the following steps to protect your information:

  • Enroll in the complimentary 12-month credit monitoring and identity protection services provided by MEC. This service will help you monitor your credit report for changes and detect any unauthorized activity.

  • Review your credit reports and account statements for any suspicious or unusual activity.

  • Place a fraud alert or credit freeze on your credit files to prevent unauthorized access to your accounts.

  • Report any suspicious activity to your financial institutions, and change your account passwords if necessary.

  • Contact local law enforcement or your state Attorney General to report any potential fraudulent activities.

While no misuse has been confirmed, the exposure of credit card information poses significant risks, including financial fraud and identity theft. Staying vigilant is key to minimizing these risks.

File a Data Breach Lawsuit Against 360training.com

If you received a notification from 360training.com about this breach, you may be eligible for compensation. Data breach lawsuits can help hold companies accountable for failing to secure sensitive personal and financial information. Compensation may include reimbursement for financial losses, credit monitoring costs, identity theft protection, and other damages resulting from the breach.

You don’t have to face the aftermath of a data breach alone. Learning about your legal rights and exploring your options can help you seek justice and compensation for the exposure of your data.

Contact us at Class Action U, where we’ll connect you with an attorney skilled in class action lawsuits. If you’ve been impacted by the breach, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner, and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Date of Breach: May 16, 2025
Date of Breach: September 11, 2025
Date of Breach: March 30, 2025

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.