The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.
Mortgage lender loanDepot is the latest big real estate company to be targeted by hackers, disclosing Monday that it had “shut down certain systems” after discovering an unauthorized third party accessed its systems and encrypted some of the company’s data — a tactic employed by ransomware groups that have targeted more than 1,000 companies and organizations.
In a Securities and Exchange Commission filing, loanDepot said it had “recently identified a cybersecurity incident” which it “promptly took steps to contain … including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement.”
LoanDepot declined to provide Inman more specific information on when the security breach occurred, or whether the company has received a ransom demand. But clients began complaining Friday on the social media site X, formerly Twitter, that they were unable to access the site to perform basic tasks like paying their mortgage.
Lawrence Abrams, the owner and editor-in-chief of BleepingComputer.com, posted a screenshot over the weekend in which loanDepot’s social media account on X informed a client on Saturday, Jan. 6, that the company was “experiencing a cyber incident, which is affecting our phone lines. We are working diligently to return to normal business operations as soon as possible.”
The nation’s two largest title insurers — Fidelity National Financial and First American Financial — were forced to shut down their systems after similar security breaches in November and December, and mortgage servicing giant Mr. Cooper last month notified nearly 15 million past and current customers that their personal information may have been compromised in an October data breach.
Fidelity National Financial (FNF) has said it discovered on Nov. 19 that an unauthorized third party had accessed some of its systems and acquired credentials and data. FNF said the incident was contained on Nov. 26 and has not commented on reports that the company was the target of a ransomware attack exploiting a software vulnerability in Netscaler, Citrix Bleed.
An FNF subsidiary, mortgage loan subservicer LoanCare LLC, has notified more than 1.3 million homeowners that hackers may have gained access to personal information including their name, address, Social Security number and mortgage loan number during the cyberattack on its parent company.
First American Financial has been gradually restoring business operations following a cybersecurity breach that knocked its website offline on Dec. 20, with the company’s AgentNet platform for title agents coming back online on Dec. 29.
The First American network, including the company’s employee email system, was restored on Jan. 3, and its IgniteRE platform for residential real estate professionals was back online the following day, according to updates posted on the company’s website.
First American Exchange Company websites FirstExchange.com and InvestEagle.com also came back online on Jan. 4, First American said.
A ransomware group known as Blackcat, ALPHV or Noberus, has allegedly infiltrated the computer networks of more than 1,000 victims, “including networks that support U.S. critical infrastructure,” the Department of Justice and FBI warned in a Dec. 19 bulletin.
In an advisory issued the same day, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) detailed steps companies should take to protect against ransomware attacks.
Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.
