Financial services company LoanDepot disclosed a data breach that impacted roughly 16.6 million individuals.
LoanDepot is a financial services company that primarily operates as a mortgage lender. It is one of the largest nonbank lenders in the United States. The company provides a range of mortgage and non-mortgage loan products and services.
LoanDepot disclosed this week a data breach that impacted roughly 16.6 million individuals. The data breach is the result of a ransomware attack that was detected earlier this month. The Company shut down certain systems to prevent the threat from spreading.
“The Company has been working diligently with outside forensics and security experts to investigate the incident and restore normal operations as quickly as possible. The Company has made significant progress in restoring our loan origination and loan servicing systems, including our MyloanDepot and Servicing customer portals.” reads an update on cyber incident provided by the company. “Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems.”
The company immediately launched an investigation into the incident with the help of cybersecurity experts. LoanDepot also notified law enforcement and regulators.
“loanDepot, Inc. (the “Company”) recently identified a cybersecurity incident affecting certain of the Company’s systems. Upon detecting unauthorized activity, the Company promptly took steps to contain and respond to the incident, including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement.” reads the Form 8-K filing with the Securities and Exchange Commission (SEC) on January 4, 2024.
“Though our investigation is ongoing, at this time, the Company has determined that the unauthorized third party activity included access to certain Company systems and the encryption of data. In response, the Company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”
The company is offering credit monitoring and identity protection services for free to the impacted individuals.
“Unfortunately, we live in a world where these types of attacks are increasingly frequent and sophisticated, and our industry has not been spared. We sincerely regret any impact to our customers,” said loanDepot CEO Frank Martell. “The entire loanDepot team has worked tirelessly throughout this incident to support our customers, our partners and each other. I am pleased by our progress in quickly bringing our systems back online and restoring normal business operations.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)