Loandepot hack leaked almost 17 million customers' SSNs

Close to 17 million former and current Loandepot customers had their Social Security numbers compromised during a data breach, the lender disclosed in a filing shared with the Office of the Maine Attorney General.

The attack, which the lender says took place from  Jan. 3 to Jan. 5, also may have exposed the names, addresses, financial account numbers, phone numbers and data of birth information of customers.

Previously, Loandepot reported that 16.6 million customers had their personal identifiable information compromised, but it wouldn't confirm whether Social Security numbers were exposed. A spokesperson for the company declined to provide commentary regarding why there was a discrepancy in numbers.

Loandepot also revealed the cybersecurity incident will have a "material impact on its first quarter 2024 results," it said in a filing with the Securities and Exchange Commission Monday. The mortgage lender expects to record approximately $12 to $17 million in expenses related to the cybersecurity incident, net of expected insurance recovery.

Notorious ransomware gang Alphv, or Blackcat, has taken responsibility for the hack that shutdown some of Loandepot's systems at the beginning of 2024. It previously warned that Loandepot had not fully revealed the amount of customers impacted by the attack.

The criminal organization claims Loandepot initially offered $6 million for the stolen data, but then asked for more time to secure a bigger ransomware payment. Soon after, the mortgage lender allegedly "disappeared," a post by Alphv shared by cybersecurity outlets, said. 

Alphv announced it is in the process of selling the customer information on the dark web after the alleged negotiations with the mortgage lender broke down. It previously threatened to do the same with data stolen from Academy Mortgage in May 2023. Allegedly, Alphv also targeted Fidelity National in December.

As a result of the data breach, Loandepot is currently facing at least a dozen class action suits. One of the suits, which was brought by Loandepot borrower Jonathan Rosa, claims the company "[willfully failed] to prevent the data breach" by making claims that customer PII was safe when in reality it was not. Rosa's suit also accuses the mortgage company of not investing adequately in privacy and security protections.

Despite the litigation, the "company currently does not expect that the cybersecurity incident will have a material impact on its overall financial condition or on its ongoing results of operations," the lender reiterated in its filing with the SEC.

Loandepot is offering identity monitoring services for two years for customers via Experian at no charge, it reiterated in its filing with Maine's regulator in late-February.

For reprint and licensing requests for this article, click here.
Industry News Cyber attacks Cyber security Fraud Servicing
MORE FROM NATIONAL MORTGAGE NEWS