LoanDepot mortgage lender hit with cyberattack

This article was updated with information from LoanDepot's Securities and Exchange Commission filing at 1:25 p.m. EST

One of the United States’ largest retail mortgage lenders is in the midst of a cyberattack announced over the weekend.

LoanDepot filed documents on Monday with the Securities and Exchange Commission confirming that its systems had been encrypted.

"Though our investigation is ongoing, at this time, the Company has determined that the unauthorized third party activity included access to certain Company systems and the encryption of data. In response, the Company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident," it said in 8-K filings.

"The Company will continue to assess the impact of the incident and whether the incident may have a material impact."

The attack was first reported by BleepingComputer.

The company is the fifth-largest retail mortgage lender in the U.S. and has funded more than $275 billion in loans since being founded in 2010. It has more than 6,000 employees and reported a revenue of about $1.8 billion in 2022.

It previously told regulators in Massachusetts that an unknown number of customers had their information accessed during a cyberattack in August 2022.

“The Company has retained leading forensics experts to aid in our investigation and is working with law enforcement. We sincerely apologize for any impacts to our customers and we are focused on resolving these matters as soon as possible,” a spokesperson said.

Customers of the company flooded social media with complaints about not being able to access the LoanDepot payment portal.

The attack on LoanDepot comes after a run of cyber incidents involving companies in the mortgage business.

Mortgage loan servicer Mr. Cooper struggled for weeks dealing with a cyberattack that eventually caused the leak of the sensitive information of nearly 14.7 million people.

That incident was followed by an attack on Fidelity National Financial — a Fortune 500 provider of title insurance for property sales. The company was hit with ransomware in November, snarling home purchases across the U.S. for days.

In December, another title insurance company, First American, confirmed it was dealing with a cyberattack.

Several other critical financial services institutions like MeridianLink, Tipalti and Moneris reported incidents throughout the fall. One of the world’s largest banks, Industrial and Commercial Bank of China (ICBC), also announced a ransomware attack in November.

“With loanDepot’s recent disclosure of a cyber incident it suffered last week, it is yet another reminder that the mortgage and loan industry has been in the crosshairs of cyber threat actors for quite some time,” Semperis Senior Director of Security Research Yossi Rachman said.