LoanDepot, one of the largest US-based retail mortgage lenders, has confirmed that around 16.6 million of its customers have had their personal information stolen.
In a new filing to the US Securities and Exchange Commission (SEC) on January 22, LoanDepot gave further detail about the cyber incident that affected the firm’s computer systems on January 8.
The mortgage provider has previously described the incident as a ransomware attack.
While the firm is still investigating the breach with the help of “outside forensics and security experts,” the initial results show that the “unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems.”
LoanDepot promised to notify the impacted customers and offer free credit monitoring and identity protection services.
The firm also indicated it “has made significant progress in restoring our loan origination and loan servicing systems, including our MyloanDepot and Servicing customer portals.”
The company has set up a new microsite, loandepot.cyberincidentupdate.com, to provide additional operational updates.
What happened to LoanDepot?
LoanDepot informed the SEC it was experiencing a cyber incident in an initial filing sent on January 8.
“Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data,” the initial filing read.
“Upon detecting unauthorized activity, the company promptly took steps to contain and respond to the incident, including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement.”
On social media, experts showed that LoanDepot’s website briefly went offline before reappearing within a few hours.
However, angry customers quickly took to social media to vent their rage about being unable to access some of LoanDepot’s services.
. @loanDepot I called (888) 983-3240 and message said you're closed; normal hours are 5AM to 7PM. Your website is in accessible, you're having a cyber attack, and customer service line is now offline
— Harshal Patel (@harshalpatel) January 17, 2024