Customers of Irvine-based lender loanDepot are struggling to make mortgage payments after the Irvine company was hit by a cyberattack earlier this month.
The hack affected loan processing and phone services for the nation’s fifth-largest retail mortgage lender, according to a Jan. 8 filing with the Securities and Exchange Commission.
The company said its data was encrypted by the “unauthorized third party” who broke into company systems. It said certain unspecified systems were shut down to contain the incident.
Those system shutdowns are impacting customers who are attempting to make loan payments or begin a loan process, according to multiple users on social media such as Facebook and Twitter.
Dan O’Leary told the Southern California News Group that a week after the hack, he still can’t access the loan servicing portal where he makes payments. That same portal is where customers would request funds from home equity lines of credit, too.
“I haven’t tried calling yet myself, but others have reported the issues in the comments on their Facebook page,” he said.
LoanDepot said it had contacted law enforcement and was still assessing how the attack might affect its bottom line.
“We are working quickly to understand the extent of the incident and taking steps to minimize its impact,” the company said.
The incident bore all the hallmarks of a ransomware attack, but company spokesman Jonathan Fine would neither confirm or deny that possibility. The attack apparently began over the Jan. 6-7 weekend.
LoanDepot did not say whether any corporate or customer data was stolen during the break-in or when it was discovered. Ransomware criminals typically steal data before activating malware that scrambles data with encryption. That way, the criminals can extort the target even if it can quickly restore its networks from backups.
LoanDepot told customers on its website that recurring automatic payments were being processed and that they could make payments by phone.
Yossi Rachman, a senior director of security research at Semperis, told Forbes that mortgage giants are not immune to “persistent threat actors” that look for weaknesses in companies’ security architecture. “Age-old phishing scams are still highly effective in breaching organizations, as hackers send emails to a wide set of employees within a company and wait until someone inadvertently clicks on an attachment with malicious software code,” he said.
The hack comes just a month after news broke that the lender Mr. Cooper also was hit by a cyberattack affecting some 4 million customers. The company said it would cover any late fees and penalties and help resolve bad credit reporting tied to delays in mortgage payments.
Founded in 2010, loanDepot has more than $140 billion in outstanding loans and 6,000 employees servicing more than 27,000 customers each month.