Don't miss the launch of Risk Automations and Vendor Onboarding Portal
Watch recording
News
Data breach reported for Mortgage Educators and Compliance (360training)
BlogBreachesResourcesNews
Data breach reported for Mortgage Educators and Compliance (360training)

Data breach reported for Mortgage Educators and Compliance (360training)

UpGuard Team
UpGuard Team
February 25, 2026

Key Facts: 360training Data Breach

  • Date reported: February 25, 2026.
  • Unauthorized access identified: November 25, 2025 (discovered November 26, 2025).
  • Target entity: 360training (360training.com) / Mortgage Educators and Compliance (MEC).
  • Source of breach: Unauthorized third-party script targeting a payment page.
  • Data types: Customer names, addresses, and credit card numbers (excluding security codes and expiration dates).
  • Status: Confirmed; written notification letters were issued on February 24, 2026, following the completion of the impacted customer list on January 19, 2026.
  • Severity: Medium; the breach involved a malicious script exfiltrating sensitive financial information from nearly 25,000 customers.

Start continuous breach monitoring with UpGuard.

What happened in the 360training data breach?

360training (360training.com) reported a security incident classified as an external system breach on February 25, 2026. No specific threat actor has been identified in connection with the event. The breach was reportedly discovered on November 26, 2025, after the company detected suspicious activity on the Mortgage Educators and Compliance (MEC) website, which it operates.

The investigation determined that an unauthorized party had added a malicious script to the website between November 25 and November 26, 2025. This script was designed to send customers' credit card data to an unauthorized Google Analytics account controlled by the attacker. The incident impacted 24,594 individuals, who were notified of the situation through written correspondence starting on February 24, 2026. While the company reports no evidence of data misuse, the exposure of financial information poses significant risks to the affected user base.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for 360training customers

For the 24,594 individuals affected, this breach could lead to potential risks such as identity theft, credential abuse, or targeted phishing attempts. When external systems are compromised, unauthorized parties may gain access to user records which can then be exploited for fraudulent activities.

Typical outcomes for organizations include reputational impact and heightened regulatory attention. To protect themselves, individuals should monitor their financial statements and update login credentials for any associated accounts. Proactive transparency regarding security incidents is essential for helping users take the necessary steps to secure their personal information.

How to protect against similar security incidents

Scan your domain for vulnerabilities in minutes

Frequently asked questions

What happened in the 360training security breach?

On February 25, 2026, 360training (360training.com) disclosed a security breach. According to initial reports, an external system breach involving a malicious script on the MEC website affected a total of 24,594 individuals.

When did the 360training breach occur?

The 360training breach occurred between November 25 and November 26, 2025. It was publicly reported and notifications were finalized in February 2026.

What data was exposed?

The exposed data included customer names, addresses, and credit card numbers. Notably, security codes (CVV), access codes, and expiration dates were not included in the breach.

Is my personal information at risk?

If you purchased courses through the MEC website during the affected period, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

How can I protect myself after this data breach?

  • Update your 360training password and any other accounts where you used the same credentials.
  • Update your account passwords immediately
  • Enable multi-factor authentication (MFA)
  • Monitor your financial and bank accounts for unauthorized transactions
  • Be cautious of unsolicited emails or text messages
  • Utilize data leak monitoring tools to stay informed

What steps should companies take after being impacted by this breach?

Companies typically respond by securing the affected systems, notifying impacted individuals, and providing guidance on protective measures. They may also review their internal security protocols and deploy attack surface management solutions to prevent future incidents.

How secure is 360training?

360training (360training.com) is a leading American provider of online regulatory-approved training and certification. Founded in 1997 and headquartered in Austin, Texas, the company has evolved into a massive e-learning marketplace serving over 11 million learners across multiple highly regulated industries.
  • Check icon
    View our free preliminary report on 360training’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View 360training's score
View score
https://360training.com
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Payload Claims Data Breach on Royal Bahrain Hospital (RBH)

Payload Claims Data Breach on Royal Bahrain Hospital (RBH)

A data breach involving Royal Bahrain Hospital was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 16, 2026
Gov.Uk Suffers Data Leak

Gov.Uk Suffers Data Leak

A data breach involving GOV.UK was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 16, 2026
Data breach reported for Earthbound Holding

Data breach reported for Earthbound Holding

A data breach involving Earthbound Trading was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 12, 2026
Data breach reported for Health Dimensions Group

Data breach reported for Health Dimensions Group

A data breach involving Health Dimensions Group was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 11, 2026
Data breach reported for OSI Systems

Data breach reported for OSI Systems

A data breach involving OSI Systems was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 11, 2026
Michelin Data Breach Due to Oracle EBS Exploit

Michelin Data Breach Due to Oracle EBS Exploit

A data breach involving Michelin was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 11, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating