Inman

LoanDepot hackers had access to Social Security numbers, DOBs

The moment has arrived — the moment to take charge. This summer, at Inman Connect Las Vegas, July 30-Aug 1, 2024, experience the complete reinvention of the most important event in real estate. Join your peers and the industry’s best as we shape the future — together. Learn more.

Mortgage lending giant loanDepot says hackers gained access to the sensitive personal information of nearly 17 million people last month, including email addresses, financial account numbers, Social Security numbers, phone numbers and dates of birth.

LoanDepot is offering 24 months of free identity protection services and credit monitoring from Experian to those affected by the January cyberattack, which the ransomware group ALPHV/Blackcat claimed responsibility for on Feb. 16.

TAKE THE FEBRUARY INMAN INTEL INDEX SURVEY NOW

Irvine, California-based loanDepot disclosed to investors Tuesday that it expects to incur $12 million to $17 million in expenses during the first quarter related to the cyberattack and has been named as a defendant in several lawsuits, which the company does not expect will have a material impact on its results.

LoanDepot had previously disclosed that as many as 16.6 million customers may have been affected by the cyberattack. A Feb. 23 filing with Maine regulators puts the number affected at 16.9 million and provides additional, previously undisclosed details.

Attorneys for loanDepot told the Office of the Maine Attorney General that the data breach occurred on Jan. 3, was discovered by loanDepot the next day and lasted until Jan. 5.

LoanDepot did not disclose the breach publicly until Jan. 8 and has reported on a cyber incident update page that it was still working on restoring its loan origination and loan servicing systems on Jan. 22. A loanDepot spokesperson told Inman the company’s systems were fully restored later that week.

In a Feb. 23 notice to consumers, loanDepot said the incident “may have impacted your name, address, email address, financial account numbers, social security number, phone number, and date of birth.”

“Although we have no evidence at this time that your information has been misused for identity or fraud as a result of this incident, to help protect your identity, we are offering you 24 months of identity protection services and credit monitoring from a leading identity monitoring services company, Experian, at no charge,” the notice said.

LoanDepot, which employs more than 4,500 workers, made nearly $24 billion in home loans in the 12 months ending Sept. 30 and was collecting monthly mortgage payments from 490,000 borrowers who owed $144 billion in mortgage debt. During the first quarter of 2023, loanDepot transitioned its servicing portfolio to an in-house platform to reduce servicing expenses.

The FBI blames ALPHV/Blackcat and its affiliates for compromising over 1,000 businesses and government entities to extort nearly $300 million in ransom payments. Companies in the real estate industry that have been hit with similar security breaches include Fidelity National Financial and First American Financial, the nation’s two largest title insurers, and mortgage servicing giant Mr. Cooper.

In the latest incident, ALPHV/Blackcat is being blamed for a breach that’s made it difficult for pharmacies to fill many prescriptions for the past week, Reuters reported Monday.

The FBI has developed a decryption tool that it’s offering to victims to help restore their systems, which has saved dozens of victims from ransom demands totaling approximately $99 million, the State Department said on Feb. 15 when announcing up to $15 million in rewards aimed at stopping the group.

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter