LoanDepot hit by suspected ransomware attack

a silhouetted woman holds a smartphone with the LoanDepot logo displayed on the screen.

Image Credits: Rafael Henrique / SOPA Images / LightRocket / Getty Images

Mortgage and loan giant LoanDepot said Monday it is experiencing a cyberattack and that it’s “working diligently to restore normal business operations as quickly as possible.”

The Irvine, California-based company said in a brief statement on its cybersecurity incident page that it has “taken certain systems offline” and is “working quickly to understand the extent of the incident and taking steps to minimize its impact.”

LoanDepot confirmed the cyberattack in a filing with federal regulators, describing the incident as involving the “encryption of data,” implying a ransomware attack.

“In response, the company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident,” the regulatory filing reads.

When reached by email, LoanDepot spokesperson Jonathan Fine reiterated the company’s statement, but declined to comment further or say whether the company has received a ransom demand from the hackers.

LoanDepot says it has millions of customers, according to its investor website. Portions of LoanDepot’s website, including its customer portals, appear to be non-functional. One error message on a login page seen by TechCrunch tells users: “Recurring automatic payments are processing as expected, but there may be a temporary delay in viewing the posted payment in your payment history. If you are seeking to make a payment, you may do so through our contact center by speaking with an agent at 866-258-6572.”

A screenshot of an error message on LoanDepot’s customer login portal, asking customers seeking to make a payment to call instead. Image Credits: TechCrunch (screenshot)

The cyber incident at LoanDepot is the latest in a series of cyberattacks targeting the loan and mortgage industry in recent months.

A November ransomware attack on Fidelity National Financial, one of the largest insurance providers in the United States, knocked the company offline for more than a week. In December, mortgage and loan company Mr. Cooper said hackers had stolen the personal data on more than 14 million customers during an October cyberattack. Mr. Cooper said it would incur at least $25 million in additional costs as a result of the incident, largely to pay for the credit monitoring of its affected customers.

New breach reporting rules that took effect in December require companies to notify regulators of cybersecurity incidents that may have a “material” effect on their business.

For its part, LoanDepot said in its regulatory filing that it will “continue to assess the impact of the incident and whether the incident may have a material impact on the company.”


Do you work at LoanDepot and know more about the incident? You can contact Zack Whittaker on Signal and WhatsApp at +1 646-755-8849, or by email. You also can contact us via SecureDrop.

Mr. Cooper hackers stole personal data on 14 million customers

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注