Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption.
LoanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in serviced loans and roughly 6,000 employees.
Customers began experiencing issues on Saturday when trying to log in to loanDepot's payment portal to pay loans or contact them by phone.
After detecting the security breach, loanDepot started an investigation with the help of external cybersecurity experts and began notifying relevant regulators and law enforcement agencies.
Following the attack, the company informed customers via social media that recurring automatic payments would still be processed, although delayed before they appear in the payment history.
Making new payments using the servicing portal will not be possible, and affected customers are advised to reach out to the call center for assistance.
As the loanDepot revealed today in an 8-K filing with the U.S. Securities and Exchange Commission, the attackers also encrypted files on compromised devices, but it's unclear which ransomware group was behind the attack.
The breach also forced loanDepot to shut down some of its systems to block the attackers' access to other devices on its network.
While loanDepot only mentions that the threat actors gained access to systems and encrypted files, ransomware gangs now also commonly steal corporate and customer data during breaches to use as leverage when pressuring victims into paying a ransom.
Given that loanDepot holds sensitive customer data like financial and bank account information, those affected by the breach should be vigilant against potential phishing attacks and identity theft attempts.
In May 2023, loanDepot disclosed a data breach resulting from a cyberattack in August 2022 that exposed customer data.
Mortgage lending giant Mr. Cooper also suffered a cyberattack in November 2023, which led to a data breach that exposed the personal data of 14.7 million customers.
First American Financial Corporation, one of the target U.S. title insurance companies, took some of its systems offline before Christmas to contain the impact of a cyberattack.
Mortgage firm loanDepot cyberattack impacts IT systems, payment portal.
Online museum collections down after cyberattack on service provider.
Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data.
Integris Health patients get extortion emails after cyberattack.
Nissan Australia cyberattack claimed by Akira ransomware gang.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 08 Jan 2024 17:40:03 +0000