LoanDepot, a large loan and mortgage company, has confirmed that approximately 17 million of their customers had sensitive personal information stolen during a ransomware attack in January. This information includes names, dates of birth, email and postal addresses, financial account numbers, phone numbers, and Social Security numbers collected from customers.
The number of affected customers has risen from the initial estimate of 16.6 million, which was disclosed to federal regulators last month. At that time, it was not specified what specific customer data was stolen.
The cyberattack occurred on January 4 and was initially described by LoanDepot as involving the encryption of data. It is unknown if a ransom was paid, and when asked by TechCrunch, a company spokesperson did not provide any information.
The attack left millions of LoanDepot customers unable to make payments or access their accounts online for several weeks.
LoanDepot is not the only loan and mortgage company that has been targeted by hackers in recent months. Mortgage giant Mr. Cooper confirmed that personal information of over 14 million customers was stolen in an October attack, resulting in at least $25 million in additional costs for the company. In November, one of the largest home insurance providers, Fidelity National Financial, was also hit by a ransomware attack, causing the company to be offline for more than a week.
Since their last regulatory filing, LoanDepot has not provided any updates on the potential impact of the cyberattack on their financial condition.
This article was originally published on January 22, 2024 and has been updated on February 26, 2024 with new information regarding the stolen customer data.
If you have any additional information about the incident and work at LoanDepot, you can contact Zack Whittaker via Signal or WhatsApp at +1 646-755-8849 or through email. Our team can also be reached via SecureDrop.