Close to 17 million former and current Loandepot customers had their Social Security numbers compromised during a
The attack, which the lender says took place from Jan. 3 to Jan. 5, also may have exposed the names, addresses, financial account numbers, phone numbers and data of birth information of customers.
Previously, Loandepot reported that 16.6 million customers had their personal identifiable information compromised, but it wouldn't confirm whether Social Security numbers were exposed. A spokesperson for the company declined to provide commentary regarding why there was a discrepancy in numbers.
Loandepot also revealed the cybersecurity incident will have a "material impact on its first quarter 2024 results," it said in a filing with the Securities and Exchange Commission Monday. The mortgage lender expects to record approximately $12 to $17 million in expenses related to the cybersecurity incident, net of expected insurance recovery.
Notorious ransomware gang Alphv, or Blackcat, has taken
The criminal organization claims Loandepot initially offered $6 million for the stolen data, but then asked for more time to secure a bigger ransomware payment. Soon after, the mortgage lender allegedly "disappeared," a post by Alphv shared
Alphv announced it is in the process of selling the customer information on the dark web after the alleged negotiations with the mortgage lender broke down. It previously threatened to do the same with
As a result of the data breach, Loandepot is currently facing at least a
Despite the litigation, the "company currently does not expect that the cybersecurity incident will have a material impact on its overall financial condition or on its ongoing results of operations," the lender reiterated in its filing with the SEC.
Loandepot is offering identity monitoring services for two years for customers via Experian at no charge, it reiterated in its filing with Maine's regulator in late-February.