LoanDepot Confirms Ransomware Attack in SEC Filing

Written by

One of America’s largest retail mortgage lenders has revealed a significant ransomware breach in a new regulatory filing.

In a filing with the Securities and Exchange Commission (SEC) posted to its site yesterday, LoanDepot revealed it had “recently identified a cybersecurity incident” impacting some of its systems.

“Upon detecting unauthorized activity, the company promptly took steps to contain and respond to the incident, including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement,” it continued.

“Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data.”

Although not named explicitly, the combination of data theft and encryption points to a ransomware breach. LoanDepot added that it was forced to shut down some systems in response, “and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”

Read more on the mortgage industry: Failure to Report Breach Costs Mortgage Lender $1.5m

According to reports on X (formerly Twitter), the attack briefly took the firm’s website offline, although it is now up and running. Mortgage expert, Colin Robertson, claimed on X that customers’ recurring mortgage payments would still be processed automatically as usual. Others wishing to do so will need to call the company direct, he added.

Unsurprisingly, angry customers took to social media to vent their rage.

“I can’t pay my mortgage because of your site updating. Can’t even call your number. It’s been a complete nightmare,” said one.

LoanDepot claims to service tens of thousands of customers, with loans of over $140bn.

This is the latest in a string of attacks on the sector. Last month, mortgage servicer Mr Cooper revealed that an October breach impacted 14.7 million customers, with names, addresses, phone numbers, Social Security numbers and bank account details among the information taken.

Image credit: Around the World Photos /

What’s hot on Infosecurity Magazine?