I saw this through my posting of Databreaches articles to my feed, but I also thought I saw this in an earlier post on Mastodon.
Suffice it to say, I’m here to give everyone a Loan Depot update.
Now we’re learning that the attack that started as a Ransomware attack is now a breach, and the roughly 17 million people are being notified.
I give Loan Depot credit here. They’re being transparent about things and updating those affected accordingly. This is the best we can ever ask for.
We want this in companies and it doesn’t matter the size.
We knew that the Ransomware attack could have exposed info, but we really didn’t know what. If you read nothing else from this article, you’ll learn a little bit more. Yes, customers and former customers are affected.
LoanDepot suffered a ransomware attack exposing the sensitive data of nearly 17 million individuals including PII data – Now, the company is offering credit monitoring and working to mitigate potential damage.
A major ransomware attack leading to a massive data breach at LoanDepot, a leading mortgage lender, has exposed the personal information of nearly 17 million individuals. In a data breach notification to Maine’s attorney general’s office, the company confirmed that the breach took place on January 3, 2024, and was discovered a day later on January 4.
The Breach:Details surrounding the attack remain limited, but LoanDepot acknowledges unauthorized access to their systems, potentially compromising sensitive customer data. While the specific types of information exposed haven’t been confirmed, the letter sent to the victims of the data breach suggests it could include their full name, address, email address, financial account numbers, social security number, phone number, and date of birth.
Impact on Individuals:
As written then, they took steps to make sure that they could get things working. Then the investigation found what we’re highlighting here. Being transparent is the key.
LoanDepot took immediate action to contain the attack and secure their systems. They launched an investigation in collaboration with cybersecurity experts and notified law enforcement authorities. Additionally, the company has offered one year of complimentary credit monitoring and identity theft protection services to all impacted individuals.
Uncertainties and Concerns:
It would not surprise me if people, especially non-customers, sue the company for neglegence but we’ll have to see over time. The article says:
The LoanDepot data breach is likely to attract scrutiny from regulators and may lead to legal repercussions. The Federal Trade Commission (FTC) is responsible for enforcing data privacy regulations, and they may investigate the incident to determine if LoanDepot followed appropriate data security practices. Further, affected individuals may have legal recourse against LoanDepot for failing to protect their personal information.
For insights into the LoanDepot data breach, we reached out to Javvad Malik, Lead Security Awareness Advocate at KnowBe4 who stated “This breach at LoanDepot is a reminder of the far-reaching consequences of ransomware attacks and it’s concerning to see the scale and sensitivity of the data involved, particularly the inclusion of Social Security numbers, which opens up Pandora’s box of identity theft and financial fraud possibilities.”
Javvad emphasised the importance of employee training within the organisations especially those responsible for data handling. “This incident highlights the critical need for organizations, especially those handling vast amounts of personal information, to invest in strong cybersecurity measures, including threat detection, response strategies, and most importantly, providing employees with timely and relevant security awareness and training.”
Ransomware Gangs
KnowBe4 is one of the leaders in Cybersecurity training, and they’re a resource on EMHS. We love the work they do and I’m happy to see Hackread interview them for this story.
To read more, please view Hackread’s complete coverage of this. LoanDepot Ransomware Attack Leads to Data Breach; 17 Million Impacted is the article.
Thanks for being subscribed to the blog! When we find updates, and they’re worth sharing, we do it.
Keep on fighting!
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.