LoanDepot Breach Is Latest In Wave of Mortgage Cyberattacks

Claim Your FREE Cybersecurity Risk Assessment for peace of mind before leaving the office.

Third Time’s the Alarm! LoanDepot Breach Is Latest In Wave of Mortgage Cyberattacks

What Happened 

Over the last weekend, loanDepot, a major U.S. mortgage lender, faced a severe cybersecurity breach. Customers experienced issues when attempting to access the company’s online payment portal and contact customer service.  

LoanDepot confirmed a ransomware attack on Monday Jan 8 in an 8-K filing with the U.S. Securities and Exchange Commission (SEC).  

This comes on the wave of breaches from Loancare, Mr. Cooper, as well as Fidelity National Financial, Inc., and First American.  

System Takedown 

The breach led to significant disruptions in loanDepot’s operations. Critical systems were taken offline as a response, affecting the company’s ability to process online payments and handle customer inquiries via phone.  

What Data was Exposed 

While loanDepot has not specifically detailed the nature of the data compromised, the nature of their business suggests that sensitive customer information, including financial and personal details, might have been at risk. LoanDepot also confirmed that threat actors encrypted files on compromised devices, locking out LoanDepot.  

This could include: 


Home addresses

Phone numbers

Financial Information

Loan Information

And more

Response to the Breach 

In response to the attack, loanDepot immediately took several systems offline to prevent further data compromise. They also notified their customers through social media and other communication channels of the breach. 

Implications with SEC and Other Regulators such as NY DFS 

The cyberattack has significant regulatory implications for loanDepot. The company is required to report such incidents to the Securities and Exchange Commission (SEC) and other financial regulators like the New York Department of Financial Services (NY DFS) if they have any clients in NY state. These reports must detail the nature of the breach, the extent of the data compromised, and the steps taken to address the incident. Failure to comply with these reporting requirements can result in hefty fines and further legal implications. 

Key Measures for Other Mortgage Companies 

This incident is another wake-up call for other mortgage companies. Key measures to enhance cybersecurity include: 

Implementing Strong Access Controls: Ensure strict access control policies are in place. Use multi-factor authentication (MFA) to add an extra layer of security beyond just passwords.

Regular Security Audits and Risk Assessments: Conduct thorough and regular security audits to identify and address vulnerabilities. Risk assessments should be an ongoing process, adapting to new threats as they arise.

Advanced Threat Detection Systems: Invest in advanced threat detection and monitoring systems. These systems can alert you to suspicious activities early, potentially preventing a breach.

Employee Training and Awareness: Employees are often the first line of defense against cyber threats. Regular training on cybersecurity best practices and awareness of phishing and other common attack vectors are crucial.

Data Encryption: Encrypt sensitive data both in transit and at rest. This makes it much harder for unauthorized individuals to access or decipher the data.

Incident Response Plan: Have a well-defined incident response plan in place. This plan should outline the steps to take in the event of a breach, including communication strategies and containment procedures.

Regular Software Updates and Patch Management: Keep all systems and software updated with the latest security patches. Many cyberattacks exploit vulnerabilities in outdated software.

Vendor Risk Management: Since third-party vendors can also pose a risk, it’s important to ensure they adhere to stringent cybersecurity standards.

Your reputation is something you can never get back once you’ve been a victim of a cybercrime. So let me show you how we help hundreds of mortgage companies like Interstate Home Loan Center maintain their reputation. 

Take the first step towards reviewing your Mortgage Company’s security with a FREE Complete Technology Assessment and Compliance Review: Click here to Schedule