US mortgage firm LoanDepot grapples with suspected ransomware attack

Written by Tue 9 Jan 2024

US mortgage and loan firm, LoanDepot, said it is dealing with a suspected ransomware attack and is actively working to swiftly restore normal business operations.

On 8 January, LoanDepot confirmed the incident through a regulatory filing to the US Securities and Exchange Commission (SEC).

“Though our investigation is ongoing, at this time, the company has determined that the unauthorised third-party activity included access to certain company systems and the encryption of data,” said LoanDepot in the filing.

In a statement posted on the company’s website, LoanDepot said it has taken certain systems offline and is working to understand the extent of the cyberattack. 

An error message on a LoanDepot login screen said recurring automatic payments are processing as expected. However, there may be a temporary delay in users viewing the posted payment in their payment histories.

“We sincerely apologise for any impacts to our customers and we are focused on resolving these matters as soon as possible,” said LoanDepot.

The company has launched an investigation with assistance from unnamed leading cybersecurity experts and has begun the process of notifying applicable regulators and law enforcement.

Because the incident involved data theft and encryption, the cyberattack affecting LoanDepot is suspected to be a ransomware breach. However, no ransomware group has yet claimed responsibility for the attack.

Since December, new SEC breach reporting rules have required companies to promptly notify regulators of cybersecurity incidents with a material impact on their business. First announced in July, the new rules aim to make cybersecurity disclosures more consistent, comparable, and useful, benefitting investors, companies, and the markets connecting them.

In April 2023, LoanDepot announced it ranked as the third largest mortgage lender in America by units of funded loans, according to 2022 Home Mortgage Disclosure Act data collected by the Consumer Financial Protection Bureau.

The cyberattack at LoanDepot is one in a string of incidents directed at the loan and mortgage industry. In November, a ransomware attack at insurance provider Fidelity National Financial left the company offline for over a week.

One month later, mortgage and loan company Mr. Cooper disclosed a security breach in October that impacted over 14 million customers. In response to the incident, Mr. Cooper announced additional expenses of at least £19.6 million ($25 million) for credit monitoring of the affected customers.

Organisations Challenged with Safeguarding Data

Dan Lattimer, the Vice President for the UK and Ireland at computer and network security firm Semperis, emphasised that recent cyberattacks underscore the daily challenges organisations encounter in safeguarding their proprietary data.

“Today, most of the global heavyweights in the mortgage and loan industry deploy fairly robust security strategies to protect sensitive data. Unfortunately, persistent threat actors will target certain companies and look for gaps in their security architecture until they find a weak spot,” said Lattimer.

In October, BT released data stating that more than 530 signals of potential cyberattacks are experienced by businesses every second. With businesses of every size going digital, the most targeted industries in the past 12 months are IT, defence, banking, and insurance. A total of 19.7% of malware sightings are directed towards these high-stakes targets.

In November, a division of the Industrial and Commercial Bank of China experienced a ransomware attack. The attack caused disruptions in the US Treasury market, resulting in the clearing of fixed-income and equity trades.

Lattimer added that phishing scams are still highly effective in breaching organisations, as hackers send emails to a wide set of employees within a company and wait until someone inadvertently clicks on an attachment with malicious software code. 

While persistent threat actors will eventually breach a target, Lattimer said what happens next is the deciding factor in whether the illegal activity turns into a material loss, causes business disruptions, and ends up making news headlines. Lattimer stressed that organisations need to take the initiative against attackers and improve their resilience.

“Cybersecurity is a combat sport and not for the faint of heart. For instance, take the ransomware scourge. No one can pay their way out of ransomware. Preparing in peacetime is the key and if you find out about the attack because the criminals sent the ransom note, it is too late,” added Lattimer.

In its annual Ransomware Survey, Hornetsecurity revealed that more than nine in ten (92.5%) businesses are aware of ransomware’s potential for negative impact, but just 54% of respondents said their leadership is ‘actively involved in conversations and decision-making’ around preventing such attacks. Four in ten (39.7%) said they were happy to ‘leave it to IT to deal with the issue’.

Reassuringly, 93.2% of respondents rank ransomware protection as ‘very’ to ‘extremely’ important in terms of IT priorities for their organisation, and 87.8% of respondents confirmed they have a disaster recovery plan in place for a ransomware attack.

Lattimer added that securing identity systems is one of the most crucial components in an organisation’s risk management programme. When Active Directory services within the identity system are compromised, the hackers have been given the ‘keys to the kingdom’ and are free to siphon vast amounts of proprietary data.  
