More than 16 million consumers had their sensitive personal information stolen in a ransomware attack earlier this month that has crippled one of the nation’s largest lending operations and still has some of their online services inaccessible.
The Who: LoanDepot confirmed the data breach in a filing with federal regulators yesterday. It said it would notify customers of the incident, but the company would not yet disclose what information was compromised in the attack.
- This is the second major data breach involving a mortgage lender in less than a month. In December, mortgage servicer Mr. Cooper announced it was the victim of a cyberattack that affected 4 million consumers.
The What: Some of the company’s mortgage customers have been unable to access the lender’s payment portal for more than two weeks, according to a published report. The portal is also used by customers to access funds from their home equity lines of credit, as well.
- The company said it was still assessing the financial impact of the breach on its operations.
- LoanDepot told consumers that automatic payments are still being processed and consumers are able to make payments over the phone with representatives of the company.
The How: After accessing the company’s systems, the hackers encrypted all of LoanDepot’s data, making it inaccessible to anyone other than the hackers. In a ransomware attack, the hackers exchange the encryption key for cash, usually in the form of Bitcoin, which is less traceable than actual money.