The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.

Mortgage lender loanDepot is the latest big real estate company to be targeted by hackers, disclosing Monday that it had “shut down certain systems” after discovering an unauthorized third party accessed its systems and encrypted some of the company’s data — a tactic employed by ransomware groups that have targeted more than 1,000 companies and organizations.

In a Securities and Exchange Commission filing, loanDepot said it had “recently identified a cybersecurity incident” which it “promptly took steps to contain … including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement.”

LoanDepot declined to provide Inman more specific information on when the security breach occurred, or whether the company has received a ransom demand. But clients began complaining Friday on the social media site X, formerly Twitter, that they were unable to access the site to perform basic tasks like paying their mortgage.

Lawrence Abrams, the owner and editor-in-chief of BleepingComputer.com, posted a screenshot over the weekend in which loanDepot’s social media account on X informed a client on Saturday, Jan. 6, that the company was “experiencing a cyber incident, which is affecting our phone lines. We are working diligently to return to normal business operations as soon as possible.”

The nation’s two largest title insurers — Fidelity National Financial and First American Financial — were forced to shut down their systems after similar security breaches in November and December, and mortgage servicing giant Mr. Cooper last month notified nearly 15 million past and current customers that their personal information may have been compromised in an October data breach.

Fidelity National Financial (FNF) has said it discovered on Nov. 19 that an unauthorized third party had accessed some of its systems and acquired credentials and data. FNF said the incident was contained on Nov. 26 and has not commented on reports that the company was the target of a ransomware attack exploiting a software vulnerability in Netscaler, Citrix Bleed.

An FNF subsidiary, mortgage loan subservicer LoanCare LLC, has notified more than 1.3 million homeowners that hackers may have gained access to personal information including their name, address, Social Security number and mortgage loan number during the cyberattack on its parent company.

First American Financial has been gradually restoring business operations following a cybersecurity breach that knocked its website offline on Dec. 20, with the company’s AgentNet platform for title agents coming back online on Dec. 29.

The First American network, including the company’s employee email system, was restored on Jan. 3, and its IgniteRE platform for residential real estate professionals was back online the following day, according to updates posted on the company’s website.

First American Exchange Company websites FirstExchange.com and InvestEagle.com also came back online on Jan. 4, First American said.

A ransomware group known as Blackcat, ALPHV or Noberus, has allegedly infiltrated the computer networks of more than 1,000 victims, “including networks that support U.S. critical infrastructure,” the Department of Justice and FBI warned in a Dec. 19 bulletin.

In an advisory issued the same day, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) detailed steps companies should take to protect against ransomware attacks.

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter

Show Comments Hide Comments
Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Success!
Thank you for subscribing to Morning Headlines.
Back to top
Only 3 days left to register for Inman Connect Las Vegas before prices go up! Don't miss the premier event for real estate pros.Register Now ×
Limited Time Offer: Get 1 year of Inman Select for $199SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription
×