LoanDepot, a prominent loan and mortgage company, has officially confirmed that sensitive personal information of almost 17 million customers was compromised in a ransomware attack that occurred in January. The company revealed in a data breach notice submitted to Maine’s attorney general’s office that the stolen data encompasses a range of sensitive details including names, dates of birth, email and postal addresses, financial account numbers, phone numbers, and notably, Social Security numbers which were collected from customers.
The disclosure marks a significant increase from the initial figure of 16.6 million customers reported to federal regulators last month. Despite this, specific details regarding the nature of the stolen customer data were not provided in the initial disclosure.
LoanDepot experienced a cyberattack around January 4th, initially described as a case of data encryption or ransomware. However, it remains undisclosed whether the company paid a ransom in response to the attack, with a company spokesperson declining to comment when questioned by TechCrunch.
Following the cyber incident, LoanDepot’s millions of customers encountered difficulties in making payments or accessing their online accounts for several weeks.
