Lending firm LoanDepot confirmed that the personal information of 16.9 million individuals was stolen in a ransomware attack in early January.
The incident was disclosed on January 4, when the mortgage and non-mortgage lending company told the US Securities and Exchange Commission (SEC) that it identified unauthorized activity on certain systems and that it took them offline to contain the incident.
In an update on January 22, LoanDepot estimated the number of potentially impacted individuals at 16.6 million, without providing details on the type of personal information that might have been compromised.
Last week, however, the mortgage giant informed the Maine Attorney General’s Office that more than 16.9 million were, in fact, impacted and that it has started sending out notification letters to them.
“Through our investigation of the incident, we determined that between January 3rd and January 5th, 2024, an unauthorized third party gained access to certain of our systems, including certain sensitive personal information stored in those systems,” a copy of the letter submitted to the Maine AGO reads.
The letter also reveals that the impacted information includes names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, and financial account numbers.
As is typical in such cases, LoanDepot is offering free identity protection and credit monitoring services to impacted individuals, and encouraging them to watch for suspicious activity performed in their name.
The mortgage giant said right from the start that ransomware was involved in the incident and the infamous Alphv/BlackCat ransomware group claimed responsibility for the incident last week, listing LoanDepot on its leak site and claiming that it was in the process of selling allegedly stolen data.
BlackCat listed LoanDepot on a new leak site that it set up following a law enforcement takedown attempt. The US government is offering up to $10 million for information allowing them to identify the BlackCat leaders.
Related: 230k Individuals Impacted by Data Breach at Australian Telco Tangerine
Related: Bank of America Customer Data Stolen in Data Breach
Related: 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates
