LoanDepot [1] [2] [3] [4] [5] [6] [7], a non-bank mortgage lending company based in California, has experienced a cyber incident that has affected their phone lines and certain systems [3]. This incident [1] [2] [3] [4] [5] [6] [7], which began on Thursday [1], involved unauthorized access to the company’s network and resulted in data encryption, indicating a potential ransomware attack [2]. LoanDepot has taken steps to address the situation and restore normal business operations.
Description
LoanDepot has confirmed that their phone lines and certain systems have been impacted by a cyber incident. The incident [1] [2] [3] [4] [5] [6] [7], which started on Thursday [1], involved unauthorized access to the company’s network and resulted in data encryption, suggesting a possible ransomware attack [5]. As a precautionary measure, LoanDepot has taken certain systems offline [2] [6], including customer portals [2], while they work to restore normal operations [1] [2] [3]. They have engaged forensics experts and notified law enforcement to assist in their investigation. It is currently unknown if any databases or files were exfiltrated or if a ransom demand was made. Customers are advised to be cautious of incoming emails, as stolen information could be used for phishing and identity theft [3]. LoanDepot [1] [2] [3] [4] [5] [6] [7], which services loans over $140 billion and employs 6,000 people [3], is making efforts to minimize disruption and ensure the continued processing of payments for customers. Although the attack briefly caused LoanDepot’s website to go offline [4], it is now functioning normally [4]. However, some customers have reported difficulties accessing the website and payment portal [1], expressing frustration on social media [4]. LoanDepot has reassured customers that they are working to restore normal operations and minimize the impact of the incident [1]. It is worth noting that LoanDepot experienced a phishing attack in 2022. The ongoing investigation into the current incident has not found any evidence of data being made public or misused [6]. It is important to mention that LoanDepot took nine months to directly notify affected customers following a breach in August 2022, where customer information was stolen. The impact on LoanDepot’s operations is currently being assessed, and measures are being implemented to secure its operations and bring systems back online.
Conclusion
LoanDepot’s cyber incident has had an impact on their phone lines, certain systems [1] [3] [5] [6] [7], and customer portals [2]. However, the company is actively working to restore normal business operations and minimize disruption for customers. Efforts are underway to ensure the continued processing of payments and address any potential risks associated with stolen information. LoanDepot’s previous experience with a phishing attack in 2022 highlights the importance of ongoing vigilance and security measures. The investigation into the current incident has not found any evidence of data misuse or public exposure [6]. LoanDepot is assessing the impact on their operations and taking steps to secure their systems and operations moving forward.
References
[1] https://www.bankinfosecurity.com/loandepot-hit-by-ransomware-attack-multiple-systems-offline-a-24053
[2] https://therealdeal.com/national/2024/01/09/loandepot-hit-by-cyberattack/
[3] https://www.techradar.com/pro/security/another-top-us-mortgage-firm-hit-by-major-cyberattack
[4] https://www.infosecurity-magazine.com/news/loandepot-confirms-ransomware/
[5] https://techcrunch.com/2024/01/08/loandepot-outage-suspected-ransomware-attack/
[6] https://www.housingwire.com/articles/cyberattack-at-loandepot-brings-systems-down/
[7] https://apnews.com/article/loandepot-cyberattack-ransomware-data-breach-4f400013598a84156bf95420b454ca8f