Loan origination system (LOS) provider Ellie Mae reports that the recent network outage that affected its customers two weeks ago was not due to a distributed denial of service (DDoS) attack, as was initially believed, but rather was ‘triggered by a confluence of factors involving network, hardware, software and demand for service.’
‘We are pleased to confirm there was no breach of client or borrower data,’ says Sig Anderman, CEO and founder of Ellie Mae, in a statement. ‘We sincerely apologize to our clients and any affected borrowers for the unavailability of Encompass services during the outage, and thank them for their patience and understanding as we worked to bring the system back to normal functioning levels.’
Anderman adds that the company is nevertheless ‘focused on continuing to enhance our systems to deliver the functionality, reliability and scalability our clients need to run their businesses, remain compliant and originate high quality loans efficiently.’
The company's statement, however, does not explain who was at fault for the outage – or what specifically happened.
When the outage first occurred on April 1, the company reported that it was consistent with a DDoS attack, leading many to speculate as to who would want to attack the company's Web-based system. However, ‘following a thorough review of the incident, with assistance from a leading security and cybercrime forensics firm, Ellie Mae has now concluded that there was no malicious attack on its systems,’ the company says in its statement.
Without being specific, the company says an ‘unexpected surge in service requests to web servers’ resulted in the outage.