LoanDepot Hit by Ransomware Attack; Multiple Systems Offline – Source: www.databreachtoday.com

Incident & Breach Response
,
Security Operations

Large Mortgage Lender’s Customers Say the Online Payment Portable Is Inaccessible

Mathew J. Schwartz (euroinfosec) •
January 8, 2024    

Non-bank mortgage lending giant LoanDepot is warning customers and investors that hackers have infiltrated its network, gained unauthorized access to information and encrypted data, leading to it taking numerous systems offline while it probes the attack.

See Also: JavaScript and Blockchain: Technologies You Can’t Ignore

The attack began Thursday and involved unauthorized access to its network, publicly traded LoanDepot said in a filing submitted Monday to the U.S. Securities and Exchange Commission. New SEC rules recently went into effect requiring public companies to report “material” online attacks to the regulator within four business days (see: SEC Votes to Require Material Incident Disclosure in 4 Days).

Founded in 2010, the Irvine, California-based company, which sometimes styles its name loanDepot, services loans worth more than $140 billion and has about 4,500 employees. The company reported third-quarter 2023 revenue of $266 million and EBITDA-adjusted profit of $18 million.

“Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data,” LoanDepot said in its SEC filing. “In response, the company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”

On Monday morning, the company posted its first breach notification to its website. For several days prior to that, customers had been reporting on social media about their inability to reach the company, which is one of America’s biggest mortgage lenders. Customers also said they hadn’t been able to access the company’s website or payment portal to keep up with their mortgage payments.

“We have taken certain systems offline and are working diligently to restore normal business operations as quickly as possible,” the company told customers in its breach alert. “We are working quickly to understand the extent of the incident and taking steps to minimize its impact.”

LoanDepot promised to post additional updates to customers via website as quickly as possible.

The company has yet to detail whether or not the attackers exfiltrated databases or files pertaining to employees or mortgage holders, or whether it is now being held to ransom (see: Ransomware: 2023 Victim Count Appears to Reach Record Levels).

LoanDepot’s customers began taking to social media on Friday to report difficulties with accessing its site, and one user posted to X, formerly known as Twitter: “Are your systems down? Can’t login to system since morning.”

Another user tweeted LoanDepot on Saturday: “I can’t pay my mortgage because of your site updating. Can’t even call your number. It’s been a complete nightmare.”

On Sunday, one customer asked the company via X: “If all the systems are down how can I pay my bill that is due?”

“Please DM us with your telephone number. We will reach out to you right away,” the company responded.

Follows August 2022 Breach

This isn’t the first time attackers have hacked into LoanDepot’s network. On May 8, 2023, the company began warning 1,361 customers that their information had been stolen in an attack that occurred the previous August, according to a breach notification filed with the Maine attorney general’s office.

The company warned affected customers that attackers had gained “unauthorized access to a small number of internal accounts” and may have stolen files containing their personal information, including Social Security numbers.

The notification did not state why the company had taken nine months to directly notify affected customers following that breach.