Mortgage company LoanDepot has suffered a data breach that impacts some 16.9 million of its customers.

The breach occurred between 3 January and 5 January according to a LoanDepot filing with the Office of the Maine Attorney General.

LoanDepot identified the breach on 4 January. Information acquired may include names, addresses, email addresses, financial account numbers, social security numbers, phone numbers and dates of birth.

“We promptly took a series of steps to contain the incident, remediate the issue and contact law enforcement,” LoanDepot said. “We also launched an investigation of the incident, working with outside forensics and cybersecurity experts, to identify whether your information may have been accessed and to further secure our systems.”

The ALPHV/Blackcat ransomware gang has claimed responsibility for the attack.
The breach left customers unable to access their online accounts and make payments for several weeks.

ALPHV has threatened to sell the data if a ransom is not paid. LoanDepot has not said whether it has complied.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Industry reaction:

Erfan Shadabi, cybersecurity expert, comforte AG

Ransomware attacks continue to escalate in frequency and sophistication, posing significant threats to organisations across various sectors. One emerging strategy to mitigate these risks is the adoption of data-centric security approaches, such as tokenisation. Tokenisation involves replacing sensitive data elements with unique tokens that hold no exploitable value for threat actors. By employing this technique, organisations can render stolen data useless to attackers, significantly reducing the incentive for launching ransomware attacks. Unlike encryption, which can be decrypted with the right key, tokenisation ensures that even if attackers gain unauthorised access to systems, they only obtain meaningless tokens instead of valuable personal information. By embracing data-centric security measures like tokenisation, organisations can diminish the allure of stolen data for threat actors, fortifying their defences against evolving cyber threats and safeguarding sensitive information from exploitation.”

Boris Cipot, senior security engineer, Synopsys Software Integrity Group

While the details surrounding the incident remain unclear, users affected should adhere to the currently available guidance and remain vigilant against potential phishing attempts. Given that the attacker has accessed LoanDepot customer data, which includes sensitive information such as names, dates of birth, email and postal addresses, financial account numbers, and phone numbers, there is a risk of this data being misused for phishing purposes. Phishing emails typically create a sense of urgency, compelling recipients to click on links or open attachments, thereby facilitating the attack. To avoid falling victim to such tactics, users should refrain from clicking on any links or opening attachments from unknown senders.

If in doubt, it is advisable to contact the sender directly to verify the email’s authenticity, avoiding using contact details provided within the suspicious email itself. For instance, if an email warns of impending bank account closure or deductions unless immediate action is taken by clicking a link or calling a provided phone number, it is prudent to refrain from responding directly through the email. Instead, users should access their account through the official app or website of the service provider or contact them through verified channels found on their official webpage.

Javvad Malik, Lead Security Awareness Advocate, KnowBe4

This breach at LoanDepot is a stark reminder of the far-reaching consequences of ransomware attacks. It’s concerning to see the scale and sensitivity of the data involved, particularly the inclusion of Social Security numbers, which opens up a Pandora’s box of identity theft and financial fraud possibilities. This incident underscores the critical need for organisations, especially those handling vast amounts of personal information, to invest in robust cybersecurity measures, including threat detection, response strategies, and most importantly, providing employees with timely and relevant security awareness and training.

Furthermore, impacted customers should also be notified that their stolen information could be used to launch phishing or other social engineering attacks against them. Customers should remain vigilant, particularly when contacted by anyone claiming to be from LoanDepot.