Among the leading lenders in the United States, loanDepot has confirmed that the cyber incident it announced over the weekend was a ransomware attack that encrypted data. In the United States, LoanDepot is one of the biggest nonbank mortgage lenders. 

With over $140 billion in loan services and approximately 6,000 employees, this company is the largest nonbank loan broker. It was reported that customers were having issues when trying to access the loanDepot payment portal on Saturday, which prevented them from paying loans or contacting them. 

As a result of a cyberattack that disrupted the loan processing and telephone service of loanDepot, the U.S. retail mortgage lender is struggling to recover. A company filing on Monday with the Securities and Exchange Commission informed investors that data had been encrypted by a “third party” who broke into the company’s computer system by gaining access to it. 

As part of its efforts to contain the incident, certain unspecified systems had been shut down. A spokesperson for the Irvine, California-based firm said they had contacted law enforcement and were still determining the extent to which the attack could have an impact on their operation. 

According to BleepingComputer, this attack is the fifth-largest retail mortgage lender in the country and has been funding more than $275 billion in loans since it was founded in 2010. The company has been in business since 2010 and has more than 6,000 employees. 

As of 2022, it has generated a revenue of $1.8 billion. According to the company, during a cyberattack that took place in August 2022, an unknown number of customers' information was accessed. A loanDepot team of cybersecurity experts generated an investigation after discovering that a security breach had occurred, and they began notifying relevant agencies and regulators as soon as they became aware of the problem.

In the aftermath of the attack, the company informed its customers that automatic recurring payments would still be processed, but would take a while before they would appear in their account history. In any case, affected customers are advised to contact the call centre for assistance if they wish to make new payments through the servicing portal. 

New payments will not be possible through this portal. In contrast to what loanDepot states, which claims that the threat actors gained access to systems and encrypted files, ransomware gangs have been known to steal company and customer data as leverage when they attempt to pressure victims into paying a ransom to prevent them from making a payment in the first place. 

It is important to stay alert for potential phishing attacks and identity theft attempts because loanDepot holds sensitive customer data such as financial and bank account information. After a cyberattack targeted the company on August 20, 2022, loanDepot disclosed in May 2023 that the company had suffered a data breach as a result of the cyberattack. 

There was a cyberattack by a cybercriminal that resulted in a data breach that exposed the personal data of 14.7 million customers of the mortgage giant Mr Cooper in November 2023. A copy of the cyberattack that occurred before Christmas affected some of the systems of First American Financial Corporation (FAFC), which was one of the target companies in the U.S. title insurance industry. 

Fidelity National Financial was hit by a ransomware attack in November, which knocked the company down for more than a week due to a ransomware attack on one of the largest insurance providers in the United States. A December cyberattack claimed the identity of more than 14 million customers of the mortgage and loan company Mr Cooper.

It came in the wake of an attack in October that compromised the personal data of the company's customers. Cooper said that as a result of the incident the company was expected to have to incur more than $25 million in additional costs as a result of the incident, primarily because of the credit monitoring that it will have to do for its affected customers.