Loandepot was
The top-ranked mortgage lender "determined that the unauthorized third-party activity included access to certain company systems and the encryption of data," per a filing with the Securities and Exchange Commission dated Jan. 4. As a result, it took some operations offline.
The company did not provide specifics regarding when it identified the cybersecurity breach, but said that upon detecting unauthorized activity, it "launched an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement."
"[We are] working diligently to restore normal business operations as quickly as possible," the lender wrote on its website. The company declined to immediately provide further details.
Loandepot's breach is the latest in a string of cyberattacks on companies in the financial services space, including
One of the common themes in almost all of the other attacks is that personal identifiable information has been compromised.
Reporting these larger incidents will become broadly mandatory for mortgage shops later this year because the
The FTC's rule requires nonbanks to notify the agency no later than 30 days after they discover a breach involving the information of at least 500 consumers. The agency defines incidents as events where third parties acquired unencrypted customer data without authorization.
The notices must include information about the breach, such as the number of consumers either affected or potentially impacted. The reporting requirement goes into effect April 27, 2024.