Alphv claims responsibility for Loandepot hack

Alphv, or Black Cat, a ransomware gang, is taking responsibility for the hack that took down Loandepot's systems in early January and exposed the data of past and current customers. The same group has allegedly targeted other players in the mortgage industry, including Academy Mortgage and Fidelity National. 

The criminal organization claims Loandepot initially offered $6 million for the stolen data, but then asked for more time to secure a bigger ransomware payment. After which, the mortgage lender allegedly "disappeared," a post by Alphv shared by cybersecurity outlets, said. Alphv announced it is in the process of selling said customer information on the dark web after the alleged negotiations with the mortgage lender broke down. It previously threatened to do the same with data stolen from Academy Mortgage in May.

Loandepot declined to respond to a request for comment Monday.

At least 16.6 million current and former Loandepot customers had their Social Security numbers stolen. Alphv claims in its post that the attack was much wider in scope. 

The criminals allege that Loandepot did not fully disclose the amount of data stolen and that "multiple databases" were downloaded from credit bureaus that included the personal identifiable information on customers that weren't Loandepot borrowers.

In mid-December, the Department of Justice claimed to have launched a disruption campaign targeting Alphv's operations. Per the department's announcement, the FBI developed a decryption tool that allowed law enforcement to offer over 500 affected victims the capability to restore their systems. That same month international authorities seized the ransomware gang's dark-web leak internet site. 

Despite this, Alphv has continued to target companies in the financial industry space.

The FBI has publicly discouraged companies from paying ransoms, because a payment doesn't guarantee data recovery and could encourage further attacks. 

At least three class action suits are currently pending against Loandepot, which allege the mortgage lender failed to adequately protect PII of customers.

One of the suits brought by Jonathan Rosa, a Loandepot borrower, claims the company "[willfully failed] to prevent the data breach" by making claims that customer PII was safe when in reality it was not. 

Rosa's suit also accuses the mortgage company of not investing adequately in privacy and security protections.