Connect with us

Hi, what are you looking for?



LoanDepot Takes Systems Offline Following Ransomware Attack

Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions.

Mortgage and non-mortgage lending firm LoanDepot has fallen victim to a ransomware attack that resulted in system disruptions.

“The company has determined that the unauthorized third party activity included access to certain company systems and the encryption of data,” LoanDepot said in a Form 8-K filing with the Securities and Exchange Commission (SEC).

The Irvine, California-based nonbank holding company also said that it immediately took steps to contain the incident, launched an investigation into the matter, and started notifying regulators and law enforcement.

“The company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident,” LoanDepot said.

The SEC filing, however, does not provide details on whether any personal information might have been compromised during the attack.

“The company will continue to assess the impact of the incident and whether the incident may have a material impact on the company,” LoanDepot said.

SecurityWeek has not yet seen any known ransomware gang claiming responsibility for the attack.

LoanDepot is the second mortgage firm in the US to fall victim to a cyberattack over the past two months, after Mr. Cooper experienced a data breach impacting 14.7 million individuals.

Advertisement. Scroll to continue reading.

In late December 2023, LoanCare, which provides loan subservicing for mortgage loaners, announced that more than 1.3 million individuals were impacted by a data breach after its parent company Fidelity National Financial (FNF) fell victim to a ransomware attack.

“We’re only three weeks into the new SEC mandate and we’re already hearing of the first publicly traded company to disclose a cyber incident,” Reco.AI co-founder and chief product officer Gal Nakash told SecurityWeek in an emailed comment.

“When it comes to security incidents, speed is key. For that reason, it is imperative for organizations today to have the ability to set alerts for malicious and unknown IPs in order to quickly identify, respond, and remediate risk in a timely manner. With adversaries constantly looking for gaps in security postures, regular audits and proactive maintenance are crucial to detecting and fixing misconfigurations, significantly reducing the attack surface,” Nakash added.

Related: Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack

Related: Yamaha Motor Confirms Data Breach Following Ransomware Attack

Related: TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.