LoanDepot customer portal down after weekend ransomware attack


The American mortgage lending giant loanDepot has filed a breach disclosure with the US Securities and Exchange Commission after suffering a possible ransomware attack over the weekend.

The billion dollar home financing company filed an 8K form as required with US financial regulators Monday, January 8th.

The California-headquartered company said it had “recently identified a cybersecurity incident affecting certain [sic] of the Company’s systems.”

The company also posted a statement on its website early Monday morning.

“We have taken certain systems offline and are working diligently to restore normal business operations as quickly as possible,” loanDepot said.

loanDepot statement
loanDepot.com. Image by Cybernews.

Upon detecting unauthorized activity, the Company said it “promptly took steps to contain and respond to the incident, including launching an investigation,” with assistance from leading cybersecurity experts and law enforcement.

The digital lender also mentioned in the SEC filing that the “unauthorized third party activity included access to certain Company systems and the encryption of data.”

The mention of 'encryption' leads to speculation that a ransomware gang may be behind the attack, although no group has taken claim so far.

“While the financial services industry has a slightly lower rate of ransomware attacks than average, it is by no means immune to the ransomware threat,” said Chester Wisniewski, Director and Global Field CTO at cybersecurity firm Sophos.

“What millions are now waiting to hear from loanDepot is whether their personal information may have been compromised as well," he said.

LoanDepot is one of the largest home mortgage and refinancing companies in the US with over 200 locations nationwide and servicing more than 27,000 customers each month.

Payment systems down

Meantime, frustrated social media users first began reporting issues with the loanDepot website starting on Saturday, January 6th.

“I can't pay my mortgage because of your site updating. Can't even call your number. It's been a complete nightmare,” one user posted on X.

Another wrote, “If all the systems are down how can i pay my bill that is due ?”

Wisniewski pointed out that Sophos’ latest State of Ransomware in Financial Services report shows that data was stolen in 25% of ransomware attacks on financial service organizations.

“Which sadly provides little comfort to those who may be affected. Let's hope probability is on our side this time,” Wisniewski added.

The company responded to most posts asking customers to directly message loanDepot on X with their contact information.

“At this time, we don't have anything new to report. We will continue to keep you updated as the situation evolves,” the company posted by Monday evening.

“We understand your frustration and we sincerely apologize for any inconveniences this may have caused. Please be assured that our team is actively working to resolve this issue,“ the lender stated earlier in the day.

LoanDepot also said in the two-page filing it will continue to assess the impact of the incident, which is the latest in a string of home lender attacks in the US over the past few months.

In December, Mr. Cooper, another major US mortgage lender, revealed the data of 14.6 million clients were exposed due to a cyber breach.

Furthermore, LoanCare, a servicer for the US mortgage industry and a subsidiary of Fidelity National Financial (FNF), had its customers' sensitive data accessed after FNF was breached by the ALPHV/ BlackCat ransomware gang in mid-November.


More from Cybernews:

NASA moon landing and Star Trek space burial in question after positioning snafu

Mirror mirror on the wall – who can cure my mental flaws

iPhone survives 16,000-foot fall from Alaska Airlines flight intact

Apple starts sending out checks for “batterygate” class action claims

Twilio phases out the desktop version of Authy app

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked