US mortgage lender loanDepot confirms ransomware attack

Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption.
LoanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in serviced loans and roughly 6,000 employees.
Customers began experiencing issues on Saturday when trying to log in to loanDepot's payment portal to pay loans or contact them by phone.
After detecting the security breach, loanDepot started an investigation with the help of external cybersecurity experts and began notifying relevant regulators and law enforcement agencies.
Following the attack, the company informed customers via social media that recurring automatic payments would still be processed, although delayed before they appear in the payment history.
Making new payments using the servicing portal will not be possible, and affected customers are advised to reach out to the call center for assistance.
As the loanDepot revealed today in an 8-K filing with the U.S. Securities and Exchange Commission, the attackers also encrypted files on compromised devices, but it's unclear which ransomware group was behind the attack.
The breach also forced loanDepot to shut down some of its systems to block the attackers' access to other devices on its network.
While loanDepot only mentions that the threat actors gained access to systems and encrypted files, ransomware gangs now also commonly steal corporate and customer data during breaches to use as leverage when pressuring victims into paying a ransom.
Given that loanDepot holds sensitive customer data like financial and bank account information, those affected by the breach should be vigilant against potential phishing attacks and identity theft attempts.
In May 2023, loanDepot disclosed a data breach resulting from a cyberattack in August 2022 that exposed customer data.
Mortgage lending giant Mr. Cooper also suffered a cyberattack in November 2023, which led to a data breach that exposed the personal data of 14.7 million customers.
First American Financial Corporation, one of the target U.S. title insurance companies, took some of its systems offline before Christmas to contain the impact of a cyberattack.
Mortgage firm loanDepot cyberattack impacts IT systems, payment portal.
Online museum collections down after cyberattack on service provider.
Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data.
Integris Health patients get extortion emails after cyberattack.
Nissan Australia cyberattack claimed by Akira ransomware gang.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 08 Jan 2024 17:40:03 +0000


Cyber News related to US mortgage lender loanDepot confirms ransomware attack

US mortgage lender loanDepot confirms ransomware attack - Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. LoanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in ...
9 months ago Bleepingcomputer.com
Guardians of Finance: loanDepot Confronts Alleged Ransomware Offensive - Among the leading lenders in the United States, loanDepot has confirmed that the cyber incident it announced over the weekend was a ransomware attack that encrypted data. In the United States, LoanDepot is one of the biggest nonbank mortgage lenders. ...
9 months ago Cysecurity.news
Mortgage firm loanDepot cyberattack impacts IT systems, payment portal - U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. LoanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing ...
10 months ago Bleepingcomputer.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
9 months ago Bleepingcomputer.com
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
10 months ago Cysecurity.news
LoanDepot Data Breach Hits 16.6 Customers - LoanDepot, one of the largest US-based retail mortgage lenders, has confirmed that around 16.6 million of its customers have had their personal information stolen. In a new filing to the US Securities and Exchange Commission on January 22, LoanDepot ...
9 months ago Infosecurity-magazine.com
Nations Direct Mortgage alerts 83,000 to personal data leaks from December cyberattack - Nevada-based Nations Direct Mortgage said more than 83,000 customers were affected by a late 2023 data breach that leaked Social Security numbers and other sensitive information. In filings with regulators in Maine and California, the company said it ...
7 months ago Therecord.media
ALPHV ransomware claims loanDepot, Prudential Financial breaches - The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. The two companies were added to ALPHV's dark web leak site today, with the threat ...
8 months ago Bleepingcomputer.com
LoanDepot Takes Systems Offline Following Ransomware Attack - Mortgage and non-mortgage lending firm LoanDepot has fallen victim to a ransomware attack that resulted in system disruptions. The Irvine, California-based nonbank holding company also said that it immediately took steps to contain the incident, ...
9 months ago Securityweek.com
LoanDepot Takes Systems Offline Following Ransomware Attack - Mortgage and non-mortgage lending firm LoanDepot has fallen victim to a ransomware attack that resulted in system disruptions. The Irvine, California-based nonbank holding company also said that it immediately took steps to contain the incident, ...
9 months ago Packetstormsecurity.com
Mr. Cooper Hackers Stole ~15 Million Users' Data - Mortgage company Mr. Cooper Group has finally 'fessed up to losing the personal info of 14,690,284 people. In today's SB Blogwatch, we leave him hangin'. Your humble blogwatcher curated these bloggy bits for your entertainment. The lender is one of ...
10 months ago Securityboulevard.com
Hackers Stole Data of 1.3 Million Financial National Fidelity Users - Hackers stole data from more than 1.3 million Fidelity National Financial customers when the giant real estate services firm was hit with a ransomware attack in November 2023 that shut down the company's operations for a week. The company wrote that ...
9 months ago Securityboulevard.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach - The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. Tigo is the largest mobile carrier in Paraguay, with its ...
9 months ago Bleepingcomputer.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
11 months ago Bleepingcomputer.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
9 months ago Securityboulevard.com
LoanDepot Confirms Ransomware Attack in SEC Filing - One of America's largest retail mortgage lenders has revealed a significant ransomware breach in a new regulatory filing. LoanDepot claims to service tens of thousands of customers, with loans of over $140bn. Although not named explicitly, the ...
9 months ago Infosecurity-magazine.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
7 months ago Bleepingcomputer.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
10 months ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
9 months ago Unit42.paloaltonetworks.com
Hackers target Microsoft SQL servers in Mimic ransomware attacks - A group of financially motivated Turkish hackers targets Microsoft SQL servers worldwide to encrypt the victims' files with Mimic ransomware. These ongoing attacks are tracked as RE#TURGENCE and have been directed at targets in the European Union, ...
9 months ago Bleepingcomputer.com
China's biggest lender ICBC hit by ransomware attack - Industrial and Commercial Bank of China Ltd Nov 10 - The Industrial and Commercial Bank of China's U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims ...
11 months ago Reuters.com
ALPHV claims cyberattacks on Prudential Financial, LoanDepot The Register - The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them. Neither company has had any of their stolen data leaked at this stage, ...
8 months ago Go.theregister.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
9 months ago Bleepingcomputer.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
10 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)