loanDepot Says Cybersecurity Incident Accessed Some Systems, Encrypted Data

Mortgage company loanDepot experienced a cybersecurity incident on Monday (Jan. 8).

In a cyber incident update posted on its website on Monday at 6 a.m. ET and remaining there at 6 p.m. ET, loanDepot said that in response to the incident, it has taken certain systems offline and is working to restore normal business operations.

“We are working quickly to understand the extent of the incident and taking steps to minimize its impact,” loanDepot said in the update. “The company has retained leading forensics experts to aid in our investigation and is working with law enforcement.”

The company said it aims to resolve the issues as soon as possible and will continue posting updates on that page.

In a Securities and Exchange Commission (SEC) filing available on loanDepot’s investor relations page, the company said it identified a cybersecurity incident affecting some of its systems, launched an investigation with the help of cybersecurity experts, and began notifying regulators and law enforcement.

“Though our investigation is ongoing, at this time, the company has determined that the unauthorized third party activity included access to certain company systems and the encryption of data,” loanDepot said in the filing. “In response, the company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”

The company added that it will continue to assess whether the incident may have a material impact on it.

This is the latest in a series of cybersecurity incidents.

For example, on Dec. 22, Sony-owned video-game studio Insomniac said that a data breach that became known earlier that month saw the theft of the personal information of employees, former employees and independent contractors as well as early development details about a game the company is working on.

On Dec. 18, VF Corporation, the owner of Vans, The North Face, Timberland and Dickies, said it was having trouble fulfilling orders after a Dec. 13 cyberattack.

“The threat actor disrupted the company’s business operations by encrypting some IT systems and stole data from the company, including personal data,” VF Corporation said in a Dec. 18 SEC filing.