Article Details

Mortgage firm loanDepot cyberattack impacts IT systems, payment portal. U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. loanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing approximately 6,000 people and servicing loans of over $140 billion. Yesterday, customers began experiencing issues when trying to log in to the company's payment portal to pay loans or contact them by phone. Some customers took to X to find out what was causing the outages, and loanDepot responded that they were suffering a cyber incident. "loanDepot is experiencing a cyber incident, which is affecting our phone lines. We are working diligently to return to normal business operations as soon as possible. We apologize for the inconvenience," the company stated on X. After contacting loanDepot about the cyber incident, the company confirmed they suffered a cyber attack and are working with law enforcement and forensics experts to investigate the incident. "loanDepot is experiencing a cyber incident. We have taken certain systems offline and are working diligently to restore normal business operations as quickly as possible. "We are working quickly to understand the extent of the incident and taking steps to minimize its impact. "The Company has retained leading forensics experts to aid in our investigation and is working with law enforcement.We sincerely apologize for any impacts to our customers and we are focused on resolving these matters as soon as possible." Do you have information about the attack on loanDepot or another cyberattack? If you want to share the information, you can contact us securely and confidentially on Signal at +1 (646) 961-3731, via email at lawrence.abrams@bleepingcomputer.com, or by using our tips form. Today, loanDepot's social media responses about the cyberattack have disappeared from X, but a similar message still appears when attempting to log in to the company's servicing portal. This message also states that recurring automatic payments will continue to be processed, but there will be a delay in it appearing in the payment history. However, using the servicing portal to make a new payment will not be possible, and customers should instead contact the company's call center. "If you are seeking to make a payment, you may do so through our contact center by speaking with an agent at 866-258-6572 from 7 am CT to 7 pm CT Monday through Friday, and 8 am CT to 5 pm CT on Saturday," advises loanDepot's servicing portal. At this time, it is not known what kind of attack the company is responding to, but it is likely a ransomware attack. If it was ransomware, the threat actors would have stolen corporate and customer data during the attack, which they would use as leverage to scare the company into paying a ransom. As loanDepot holds sensitive information about its customers, such as financial and bank account information, customers should be on the lookout for potential phishing attacks and identity theft. A similar incident occurred with mortgage lending giant Mr. Cooper, which was hit by a cyberattack in November 2022. A month later, Mr. Cooper disclosed a data breach, confirming the attack exposed the personal data of 14.7 million customers.