Connect with us

Hi, what are you looking for?


Data Breaches

LoanDepot Ransomware Attack Exposed 16.9 Million Individuals

Lending firm LoanDepot said the personal information of 16.9 million people was stolen in a ransomware attack in early January.

Lending firm LoanDepot confirmed that the personal information of 16.9 million individuals was stolen in a ransomware attack in early January.

The incident was disclosed on January 4, when the mortgage and non-mortgage lending company told the US Securities and Exchange Commission (SEC) that it identified unauthorized activity on certain systems and that it took them offline to contain the incident.

In an update on January 22, LoanDepot estimated the number of potentially impacted individuals at 16.6 million, without providing details on the type of personal information that might have been compromised.

Last week, however, the mortgage giant informed the Maine Attorney General’s Office that more than 16.9 million were, in fact, impacted and that it has started sending out notification letters to them.

“Through our investigation of the incident, we determined that between January 3rd and January 5th, 2024, an unauthorized third party gained access to certain of our systems, including certain sensitive personal information stored in those systems,” a copy of the letter submitted to the Maine AGO reads.

The letter also reveals that the impacted information includes names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, and financial account numbers.

As is typical in such cases, LoanDepot is offering free identity protection and credit monitoring services to impacted individuals, and encouraging them to watch for suspicious activity performed in their name.

The mortgage giant said right from the start that ransomware was involved in the incident and the infamous Alphv/BlackCat ransomware group claimed responsibility for the incident last week, listing LoanDepot on its leak site and claiming that it was in the process of selling allegedly stolen data.

Advertisement. Scroll to continue reading.

BlackCat listed LoanDepot on a new leak site that it set up following a law enforcement takedown attempt. The US government is offering up to $10 million for information allowing them to identify the BlackCat leaders.

Related: 230k Individuals Impacted by Data Breach at Australian Telco Tangerine

Related: Bank of America Customer Data Stolen in Data Breach

Related: 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.