loanDepot cyberattack causes data breach for 16.6 million people

Following a January 6 attack that forced it to shut down some of its systems to contain the breach, the company told customers that recurring automatic payments would still be processed, with payment history delays.

Payments via the servicing customer portal were also unavailable after the incident, and several other online portals, including MyloanDepot, HELOC, and the mellohome website, were also offline.

Several days later, loanDepot confirmed this was a ransomware attack, with the malicious actors also encrypting files on compromised devices.

On January 22, after confirming that millions of people had their data stolen, the company said it would notify individuals impacted by this data breach, providing them with free credit monitoring and identity protection services.

"The Company has made significant progress in restoring our loan origination and loan servicing systems, including our MyloanDepot and Servicing customer portals," loanDepot said.

"Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems."

Corporate and customer data stolen by ransomware gangs is now commonly used as leverage in double-extortion attacks to pressure victims into paying a ransom.

Given that loanDepot stores sensitive customer financial and bank account information, those affected by this breach should know they might be the target of phishing attacks and identity theft attempts.

However, loanDepot has yet to share what type of customer personal information was accessed and stolen from its systems.

In May 2023, loanDepot disclosed another data breach resulting from an August 2022 cyberattack that exposed customer data.

loanDepot is a major U.S. nonbank mortgage lender with roughly 6,000 employees and over $140 billion in serviced loans.

Source: bleepingcomputer.com