Customers of Irvine-based lender loanDepot are struggling to make mortgage payments after the Irvine company was hit by a cyberattack earlier this month.
The hack affected loan processing and phone services for the nation’s fifth-largest retail mortgage lender, according to a Jan. 8 filing with the Securities and Exchange Commission.
The company said its data was encrypted by the “unauthorized third party” who broke into company systems. It said certain unspecified systems were shut down to contain the incident.
Also see: OC-based LoanDepot cut corners in echo of 2008 mortgage crisis, suit says
Those system shutdowns are impacting customers who are attempting to make loan payments or begin a loan process, according to multiple users on social media such as Facebook and Twitter.
Dan O’Leary told the Southern California News Group that a week after the hack, he still can’t access the loan servicing portal where he makes payments. That same portal is where customers would request funds from home equity lines of credit, too.
More on lending: A secret bias in mortgage-approval algorithms is denying minority borrowers
“I haven’t tried calling yet myself, but others have reported the issues in the comments on their Facebook page,” he said.
LoanDepot said it had contacted law enforcement and was still assessing how the attack might affect its bottom line.
“We are working quickly to understand the extent of the incident and taking steps to minimize its impact,” the company said.
More on LoanDepot: How Anthony Hsieh went from cashier to mortgage billionaire
The incident bore all the hallmarks of a ransomware attack, but company spokesman Jonathan Fine would neither confirm or deny that possibility. The attack apparently began over the Jan. 6-7 weekend.
LoanDepot did not say whether any corporate or customer data was stolen during the break-in or when it was discovered. Ransomware criminals typically steal data before activating malware that scrambles data with encryption. That way, the criminals can extort the target even if it can quickly restore its networks from backups.
LoanDepot told customers on its website that recurring automatic payments were being processed and that they could make payments by phone.
Also see: LoanDepot CEO Anthony Hsieh buys Newport Coast mansion for record-setting $61 million
Yossi Rachman, a senior director of security research at Semperis, told Forbes that mortgage giants are not immune to “persistent threat actors” that look for weaknesses in companies’ security architecture. “Age-old phishing scams are still highly effective in breaching organizations, as hackers send emails to a wide set of employees within a company and wait until someone inadvertently clicks on an attachment with malicious software code,” he said.
The hack comes just a month after news broke that the lender Mr. Cooper also was hit by a cyberattack affecting some 4 million customers. The company said it would cover any late fees and penalties and help resolve bad credit reporting tied to delays in mortgage payments.
Founded in 2010, loanDepot has more than $140 billion in outstanding loans and 6,000 employees servicing more than 27,000 customers each month.
View more on Orange County Register