LoanDepot, a Mortgage Lender Falls Prey to Suspected Ransomware Attack

Highlights:

• As of now, no ransomware group has taken credit for the attack, but that could very well change in the days ahead.
• The timing of the attack may also have legal repercussions because last month saw the implementation of new disclosure laws.

The most recent victim of a cyberattack that disrupted internal processes and impacted clients is the American mortgage provider LoanDepot Inc.

The business formally disclosed the attack in an 8-K filing with the U.S. Securities and Exchange Commission. The attack reportedly took place over the weekend. According to the report, LoanDepot classifies the hack as a cybersecurity incident that impacted a few of its systems.

According to LoanDepot, as soon as it noticed unusual behavior, it acted to contain and address the situation, checking off items on a standard incident response checklist that included opening an investigation, recruiting outside cybersecurity specialists, and alerting relevant law enforcement and regulatory bodies.

LoanDepot wrote, “Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data. In response, the Company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”

“The company will continue to assess the impact of the incident and whether the incident may have a material impact on the company,” the company added.

The company stated data encryption, which provided a hint even if it didn’t reveal the type of attack. It is quite likely that ransomware was used in the attack if data was encrypted.

As of now, no ransomware group has taken credit for the attack, but that could very well change in the days ahead. The attack may have entailed data theft through a so-called double tap ransomware attack, depending on the ransomware group responsible. Over the past year, ransomware attacks have mostly taken the form of data theft and encryption.

Should data be compromised, it could contain a wealth of information, including personally identifiable data. Millions of consumers were served by the corporation, which was the third-largest mortgage lender in the United States as of April of last year.

The timing of the attack may also have legal repercussions because last month saw the implementation of new disclosure laws.

Piyush Pandey, Chief Executive at application security company Pathlock Inc., stated, “Given that LoanDepot is publicly traded, this could be one of the first companies to understand the impact of the new SEC requirements that went into effect last month. It is interesting that the company is still trying to determine whether the incident is ‘material’ or not.”

Pandey mentioned that since it’s a public company, the SEC requirements might apply. “However, the challenge is whether this is a ‘material’ incident based on the SEC definition,” he said. “If so, they will have to disclose this in their next 8K report and document their security processes in their 10K at the end of the year.”