Mortgage giant LoanDepot said Monday it was experiencing a cyberattack and was “working diligently to restore normal business operations as soon as possible.”
The Irvine, Calif.-based company said a brief statement on the cybersecurity incident page that it has “disconnected some systems” and is “working quickly to understand the extent of the incident and take steps to minimize its impact.”
LoanDepot confirmed the cyber attack a filing with federal regulators;describing the incident as “data encryption”, implying a ransomware attack.
“In response, the company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident,” the regulatory filing said.
When reached by email, LoanDepot spokesman Jonathan Fine reiterated the company’s statement but declined to comment further or say whether the company received a ransom demand from the hackers.
LoanDepot says it has millions of customers, according to its investor website. Portions of LoanDepot’s website, including its customer portals, appear to be down. An error message on a login page seen by TechCrunch tells users: “Recurring automatic payments are being processed as expected, but there may be a temporary delay in seeing the published payment in your payment history. If you would like to make a payment, you can do so through our contact center by speaking with a representative at 866-258-6572.”
A screenshot of an error message on LoanDepot’s customer login portal, asking customers who want to make a payment to call instead. Image Credits: TechCrunch (screenshot)
The cyber incident at LoanDepot is the latest in a series of cyber attacks targeting the loan and mortgage industry in recent months.
A November ransomware attack on Fidelity National Financial, one of the largest insurance providers in the United States, took the company offline for more than a week. In December, mortgage and loan company Mr Cooper said hackers had stolen the personal data of more than 14 million customers during a cyber attack in October. Mr Cooper said it would incur at least $25 million in additional costs as a result of the incident, mainly to pay for credit monitoring of its affected customers.
New breach reporting rules that came into effect in December require companies to notify regulators of cybersecurity incidents that may have a “material” impact on their business.
For its part, LoanDepot said in its regulatory filing that it “will continue to evaluate the impact of the event and whether the event may have a material impact on the company.”
Do you work at LoanDepot and know more about the incident? Zack Whittaker can be reached on Signal and WhatsApp at +1 646-755-8849 or via email. You can also contact us via SecureDrop.
