Lending giant LoanDepot (NYSE: LDI) said Monday that roughly 16.6 million individuals were impacted as a result of a ransomware attack originally disclosed earlier this month.
In a Form 8-K filing with the Securities and Exchange Commission (SEC) on January 4th, the company said it “has determined that the unauthorized third party activity included access to certain company systems and the encryption of data.”
As part of its incident response, the company shut down certain systems and launched an investigation.
“Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems,” LoanDepot said an a incident update on January 22nd. “The Company will notify these individuals and offer credit monitoring and identity protection services at no cost to them.”
LoanDepot is the second mortgage firm in the US to fall victim to a cyberattack in recent months after Mr. Cooper experienced a data breach impacting 14.7 million individuals.
In late December 2023, LoanCare, which provides loan subservicing for mortgage loaners, announced that more than 1.3 million individuals were impacted by a data breach after its parent company Fidelity National Financial (FNF) fell victim to a ransomware attack.