LoanDepot Continues to Restore Business Operations Amid Cybersecurity Breach

LoanDepot continues to deal with a cybersecurity incident that began Jan. 8.

Customers said on social media and forums that they have been unable to access their online accounts, submit mortgage payments or close deals since that time, TechCrunch reported Friday (Jan. 19).

“LoanDepot is experiencing a cyber incident,” a banner on its homepage and a note on its page devoted to operational updates related to the incident said Friday.

The company posted an update to the site Friday at 5 p.m. Eastern time saying, “Our servicing customer portal and mobile app are now fully operational.”

LoanDepot added four updates to the page Thursday (Jan. 18), announcing websites and features that were back online.

“We will continue to post operational updates on this page as we return to normal business operations,” one of the posts said.

When the company initially announced the cybersecurity incident Jan. 8, it said it had taken certain systems offline and was working to restore normal business operations.

“We are working quickly to understand the extent of the incident and taking steps to minimize its impact,” the company said in its first update. “The company has retained leading forensics experts to aid in our investigation and is working with law enforcement.”

In a Securities and Exchange Commission (SEC) filing available on LoanDepot’s investor relations page, the company said it identified a cybersecurity incident affecting some of its systems, launched an investigation with the help of cybersecurity experts, and began notifying regulators and law enforcement.

As of Friday at 5 p.m. Eastern time, the company has not posted any other SEC filings regarding the incident.

The PYMNTS Intelligence study “Financial Institutions Revamping Technologies to Fight Financial Crimes” found that 43% of financial institutions in the United States experienced an increase in fraud in 2023 relative to 2022. In addition, financial institutions’ fraud losses increased by about 65% from $2.3 million in 2022 to $3.8 million in 2023.

In another cybersecurity incident, someone breached the SEC’s account on X, formerly known as Twitter, to falsely announce the regulator’s long-awaited approval of bitcoin exchange-traded funds (ETFs).