LoanDepot ransom attack exposes sensitive data of 16.6M customers

Major US mortgage lender LoanDepot announces that the sensitive data of more than 16 million individuals was compromised during a massive ransomware attack in early January – yet stops short of revealing what that data is.

The digital mortgage solutions company posted the investor news update about the January 8th breach on its corporate website Monday.

“Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems,” the California-based home lender announced.

The weekend ransomware attack forced the company to take some of its systems offline, causing mayhem for many of its customers trying to make timely mortgage payments through the loanDepot website. The outages lasted for more than a week.

As part of the updated statement, loanDepot CEO Frank Martel said the billion dollar company sincerely regretted “any impact” the breach has had on its customers.

“Unfortunately, we live in a world where these types of attacks are increasingly frequent and sophisticated, and our industry has not been spared,” Martel said.

“We are working diligently with outside forensics and security experts to investigate the incident and restore normal operations as quickly as possible,” Martel added.

At no point has the company provided any details on exactly what types of information may have been exposed, or reveal the amount of data the attackers were able to get their hands on.

loanDepot ransom attack update
investors/ Image by Cybernews.

In its original SEC filing, loanDepot admitted that some of its data had been encrypted in the attack.

Most services were announced back up and running on January 18th, including the MyloanDepot customer portal, the HELOC customer portal, and the loanDepot’s Servicing customer portal.

Earlier, the company said all late fees would be waived due to the delay in making digital payments on its servicing website.

LoanDepot said it will notify those affected and be offering free credit monitoring and identity protection services.

Any further updates and contact information will be posted on a dedicated loanDepot cyber incident microsite.

Launched in 2010, loanDepot has become one of the largest non-bank retail mortgage lenders in the US, according to its website.

More from Cybernews:

Audits show less antisemitism on X than other apps, Musk says

AerCap ransomware attack latest to hit aviation sector

UK government now on WhatsApp

Historic data leak reveals 26 billion records: check what's exposed

NASA reveals remaining Bennu asteroid sample

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked