LoanDepot Hit With Cyber Incident


LoanDepot reports that it is experiencing a cyber incident and is “working diligently to restore normal business operations as quickly as possible.”

On a dedicated web page. the lender says it has “taken certain systems offline.”

“We are working quickly to understand the extent of the incident and taking steps to minimize its impact,” the company says, adding that it has “retained leading forensics experts to aid in our investigation and is working with law enforcement.”

LoanDepot is the fourth large-size mortgage company to experience a cyberattack in the past three months.

In late October, mortgage lender Mr. Cooper reported that it had been hit with a cyber incident and later revealed that the personal information of 14.7 million consumers had been stolen. The incident also involved certain systems being taken down, including those used for processing customer payments.

In November, the personal information of more than 1.3 million consumers was compromised as the result of a cyberattack on mortgage servicer LoanCare’s systems. As a result of that attack, victims’ names, addresses, Social Security numbers, and loan numbers may have been accessible, the company, owned by Fidelity National Financial, says in a statement.

In late December, title insurance company First American reported that it, too, was hit with a cyberattack, and as a result had to take certain systems offline.

“Upon detection of the unauthorized activity, [First American] took steps in an effort to contain, assess and remediate the incident,” the company says in a statement. “On December 20, 2023, the company elected to isolate systems from the Internet. The company has retained leading experts, worked with law enforcement and notified certain regulatory authorities. As of the date of this filing, the company believes it has contained the incident. The company is in the process of restoring access to its systems and resuming normal business operations. Though the incident is still under investigation, the company believes the perpetrator of the activity accessed certain company systems, exfiltrated data and encrypted data on certain non-production systems.”

Photo: Kevin Ku

Notify of
Inline Feedbacks
View all comments