The nation’s second-largest nonbank retail mortgage originator,
loanDepot, disclosed it has been hit by a ransomware attack, forcing multiple
systems offline and potentially compromising personally identifiable
information. The attack disrupted online payment capabilities and customer
service operations.
After identifying the cybersecurity incident involving an
“unauthorized third-party,” the company said it quickly shut down certain
systems to contain the threat and mitigate its impact. The company then
immediately launched an investigation into the breach and its impact.
loanDepot provided the following statement to Dodd Frank
Update in response to a media inquiry:
“loanDepot is experiencing a cyber incident. We have taken
certain systems offline and are working diligently to restore normal business
operations as quickly as possible,” loanDepot Vice President of Public
Relations Jonathan Fine said. “We are working quickly to understand the extent
of the incident and taking steps to minimize its impact. The company has
retained leading forensics experts to aid in our investigation and is working
with law enforcement. We sincerely apologize for any impacts to our customers
and we are focused on resolving these matters as soon as possible.”
“Upon detecting unauthorized activity, the company promptly
took steps to contain and respond to the incident, including launching an
investigation with assistance from leading cybersecurity experts, and began the
process of notifying applicable regulators and law enforcement,” according to
loanDepot’s 8-k filing with the Securities and Exchange Commission (SEC) concerning
the incident.
The unauthorized third-party activity cited in the filing
includes “access to certain company systems” and “the encryption of data.”
The SEC also indicated loanDepot is continuing to assess
whether the incident has had any “material impact” on the company. loanDepot
also is working to implement measures to secure its business operations, bring
systems back online and respond to the incident.
loanDepot is the latest company in the real estate
marketplace to be the victim of a recent cybersecurity attack, following other
major attacks against First
American, Fidelity
National Financial and Mr. Cooper.
Previous incident
The incident is not the first cyber attack reported by
loanDepot within the past year. In Spring 2023, the nonbank lender warned
customers their data may have been compromised the previous August, according
to breach notifications filed with state attorneys general in Maine and
New Hampshire.
“loanDepot identified brief unauthorized access to a small
number of internal accounts; this access was terminated and the incident was
remediated within three hours,” loanDepot Chief Risk Officer Joseph Grassi said
in a statement issued to affected consumers. “This incident has not affected
your loan or our servicing of your account in any way. However, it is possible
that the unauthorized actor could have accessed documents containing your
personal information, as described below. There is no evidence that any personal
data has been misused, but out of an abundance of caution, we wanted to notify
anyone that may be affected.”
Grassi detailed some immediate steps the company took to
remediate the issue, noting it had “engaged a leading cybersecurity firm to
investigate the incident and further protect” consumers’ information and “implemented
processes and protocols designed to prevent this, or something like this, from
happening again.”
The company warned affected customers that attackers had
gained “unauthorized access to a small number of internal accounts” and may
have stolen files containing their personal information, including Social
Security numbers.
The notification did not provide an explanation as to why
the company took nine months to directly notify customers affected by the
breach.
The company said it will provide continuous updates on its
latest incident at the following web address: https://loandepot.cyberincidentupdate.com