Cyber Incident Victim: loanDepot
Date: Jan 2024
Location: United States of America
Summary
A major U.S. mortgage lender experienced a cyberattack that forced it to take IT systems offline, disrupting online payment processing and customer service phone lines. The incident prevented customers from accessing the payment portal for new transactions, though recurring automatic payments continued with delayed visibility in payment history. The company engaged law enforcement and forensic experts to investigate the breach while advising affected customers to use alternative contact methods for payments. Given the organization's handling of sensitive financial data and a prior data breach, the attack raises concerns about potential unauthorized access to customer information and associated risks like phishing or identity theft. Service disruptions persisted as restoration efforts continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
loanDepot, a major U.S. nonbank retail mortgage lender servicing over $140 billion in loans, experienced a cyberattack that disrupted its operations starting on or before January 7, 2024. The incident forced the company to take multiple IT systems offline, including its online payment portal and phone support lines, preventing customers from accessing services to manage loans or make new payments. Customers attempting to log into the payment portal encountered system outages, while phone-based customer service became unavailable during standard operating hours. The company confirmed the cyber incident through social media communications on X (formerly Twitter), acknowledging the operational disruptions and apologizing for inconveniences caused to customers. Initial public reports of service interruptions emerged from customer complaints on social media platforms, prompting loanDepot's official acknowledgment of the situation. While automatic recurring payments continued processing, the company noted delays in payment history updates within affected systems. Customers seeking to make new payments were directed to contact a specified call center number during limited operational windows as a temporary workaround.

The organization engaged third-party forensic experts and collaborated with law enforcement agencies to investigate the incident's scope and origin. Company statements emphasized efforts to restore normal operations swiftly while working to understand the full impact of the security breach. This incident followed a previous August 2022 cyberattack disclosed by loanDepot in May 2023 that had compromised customer data, though no connection between the two events was confirmed. The January 2024 attack occurred amidst heightened cybersecurity concerns in the mortgage sector, coming shortly after Mr. Cooper's November 2023 breach affecting 14.7 million customers. loanDepot's public communications regarding the incident were temporarily removed from social media platforms, though system outage messages remained visible to users attempting portal access. The company maintained that its approximately 6,000 employees continued normal business operations where possible while affected systems underwent restoration and investigation procedures.
