The U.S. mortgage lender loanDepot has confirmed that the recent cyber incident reported over the weekend was indeed a ransomware attack, resulting in data encryption. loanDepot, a significant nonbank mortgage lender in the United States, managing over $140 billion in loans and employing around 6,000 staff, faced disruptions when customers encountered difficulties accessing the payment portal on Saturday for loan payments and contacting the company via phone.
In response to the incident, loanDepot issued a statement acknowledging the cyber incident and the temporary shutdown of specific systems. The company assured that efforts were underway to restore normal business operations swiftly and to understand the full extent of the incident. External cybersecurity experts were engaged, and regulatory and law enforcement agencies were promptly notified.
Despite the security breach, loanDepot informed customers through social media that recurring automatic payments would still be processed, albeit with delays in reflecting on payment history. However, new payments through the servicing portal were temporarily disabled, prompting affected customers to seek assistance from the call center.
In an 8-K filing with the U.S. Securities and Exchange Commission, loanDepot disclosed that the attackers had also encrypted files on compromised devices. However, the identity of the ransomware group responsible for the attack remains unclear. The company, in its ongoing investigation, determined unauthorized access to certain systems and data encryption as part of the breach. LoanDepot is assessing the incident’s impact and its potential material impact on the company.
The incident led loanDepot to take precautionary measures, including the shutdown of some systems to prevent the attackers from accessing other devices on the network. While the company has emphasized unauthorized access and file encryption, it’s important to note that ransomware groups increasingly steal corporate and customer data during breaches to exert pressure on victims to pay a ransom.
Given loanDepot’s possession of sensitive customer information, such as financial and bank account details, individuals affected by the breach are urged to remain vigilant against potential phishing attacks and identity theft attempts. This incident follows loanDepot’s disclosure of a data breach in May 2023, stemming from a cyberattack in August 2022, and aligns with similar cybersecurity challenges faced by other entities in the mortgage and financial sectors, such as Mr. Cooper and First American Financial Corporation.
CyberSec84 | Cybersecurity news. 
Leave a comment