U.S. mortgage lender loanDepot has fallen victim to a cyberattack, prompting the company to take swift action by temporarily shutting down its IT systems and online payment portals.
With approximately 6,000 employees and a loan servicing portfolio exceeding $140 billion, loanDepot is a major nonbank retail mortgage lender in the United States.
LoanDepot has confirmed that the cyber incident involved unauthorized third-party access to certain systems, resulting in the encryption of data. As a response, the company took steps to contain the breach, shut down affected systems, and initiated measures to secure its business operations. Despite these efforts, the company is still evaluating whether the incident will have a material impact on its operations.
This incident follows loanDepot's disclosure of a data breach in May 2022, stemming from a cyberattack in August 2022. Additionally, it aligns with a broader trend in the financial industry, with mortgage lending giant Mr. Cooper also falling victim to a cyberattack in November 2023, resulting in a data breach affecting millions of customers.
Cybersecurity experts have weighed in on the loanDepot cyberattack, offering valuable perspectives on the incident and its potential implications. Here are some notable quotes from industry leaders.
Piyush Pandey, CEO at Pathlock:
"Given that loanDepot is publicly traded, this could be one of the first companies to understand the impact of the new SEC requirements that went into effect last month. It is interesting that the company is still trying to determine whether the incident is 'material' or not.
The SEC requirements might apply given that this is a public company, however, the challenge is whether this is a 'material' incident based on the SEC definition. If so, they will have to disclose this in their next 8K report and document their security processes in their 10K at the end of the year."
[RELATED: December 15 Marks Deadline for SEC's New Cyber Disclosure Rules]
Patrick Tiquet, Vice President, Security & Architecture, at Keeper Security:
"Cyberattacks, like the ones on loanDepot and Mr. Cooper, underscore the importance of prioritizing cybersecurity by organizations of all sizes before a cybercriminal strikes.
In the event of an attack, no matter how a threat actor accesses the network, the next step is to make sure they are unable to go any further. Organizations large and small should implement a Zero-Trust security architecture with least-privilege access to ensure employees only have access to what they need to do their jobs.
By adopting a Zero-Trust framework within their infrastructure, leaders will be in a stronger position to not only identify and react to attacks on their organization but also mitigate any potential damage."
Claude Mandy, Chief Evangelist, Data Security, at Symmetry Systems:
"Unfortunately, a lot of organizations are stuck between a rock and a hard place when it comes to the retention of data. Various laws and legislature require organizations to keep records for over seven years, but they also hope to attract their past customers back into the fold, and plan to leverage it to develop future analytics insights.
In reality, this data just lies untouched where it lies, often long past their actual retention policies. Regardless of the reason, it is not unusual to see breaches impacting not only current customers, but previous customers too."
As loanDepot works diligently to restore normal business operations and assess the extent of the cyber incident, the broader cybersecurity landscape continues to evolve.
The insights provided by cybersecurity experts highlight the need for organizations to address issues such as third-party access governance, data retention practices, and the adoption of a Zero-Trust security architecture.
As the financial industry grapples with the aftermath of cyberattacks, businesses and individuals alike are urged to prioritize cybersecurity to mitigate potential risks and enhance overall resilience in the face of evolving cyber threats.
Follow SecureWorld News for more stories related to cybersecurity.
