2024-01-08 loanDepot, Inc. Cybersecurity Incident

Page last updated on July 16, 2024

loanDepot, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-01-08 06:00:48 EST.

Company Summary

LoanDepot, sometimes stylized as loanDepot, is an Irvine, California-based nonbank holding company which sells mortgage and non-mortgage lending products.

LoanDepot was founded in 2009 by entrepreneur Anthony Hsieh, who had previously founded mortgage companies LoansDirect.com which he sold to E*Trade in 2001, and HomeLoanCenter.com, which he sold to LendingTree in 2004.

Incident Details

Material: Yes
Is Breach: TRUE
Records Compromised: 16,924,071
Data Types Impacted: Date of Birth, Phone Number, Social Security Number, Loan Number, Email, Home address, Name

Compromised Date: 2024-01-03
Detected Date: 2024-01-04
Disclosure Date: 2024-01-08
Contained Date: 2024-02-27
Recovered Date:

Attack Goal: Theft

Costs: $12M - $17M

Filings

8-K filed on 2024-01-08

loanDepot, Inc. filed an 8-K at 2024-01-08 06:00:48 EST
Accession Number: 0001831631-24-000004

Item 8.01 Other Events.

loanDepot, Inc. (the “Company”) recently identified a cybersecurity incident affecting certain of the Company’s systems. Upon detecting unauthorized activity, the Company promptly took steps to contain and respond to the incident, including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement.

Though our investigation is ongoing, at this time, the Company has determined that the unauthorized third party activity included access to certain Company systems and the encryption of data. In response, the Company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.

The Company will continue to assess the impact of the incident and whether the incident may have a material impact on the Company.


8-K/A filed on 2024-01-22

loanDepot, Inc. filed a 8-K/A at 2024-01-22 06:01:53 EST
Accession Number: 0001831631-24-000011

Explanatory Note.

This Current Report on Form 8-K/A (this “Amendment”) amends the Current Report on Form 8-K filed by loanDepot, Inc. (the “Company”) with the Securities and Exchange Commission (the “SEC”) on January 8, 2024 (the “Original Report”). The Company is filing this Amendment in order to provide supplemental information regarding the cybersecurity incident disclosed by the Company in the Original Report. Except as expressly set forth herein, this Amendment does not amend the Original Report in any way. This Amendment supplements, and should be read in conjunction with, the Original Report.

Item 8.01 Other Events.

As disclosed in the Original Report, the Company recently identified a cybersecurity incident affecting certain of the Company’s systems. On January 22, 2024, the Company issued a press release providing an update regarding this cybersecurity incident. The press release is attached hereto as Exhibit 99.1 and is incorporated herein by reference.

The Company has not yet determined whether the cybersecurity incident is reasonably likely to materially impact the Company’s financial condition or results of operations.

Exhibit No. 99.1

loanDepot, Inc. press release, dated January 22, 2024

loanDepot Provides Update on Cyber Incident

IRVINE, Calif. - January 22, 2024 - (BUSINESS WIRE) - loanDepot, Inc. (“LDI” or “Company”) (NYSE: LDI), a leading provider of home lending solutions, today provided an update on the cyber incident it disclosed on January 8, 2024.

The Company has been working diligently with outside forensics and security experts to investigate the incident and restore normal operations as quickly as possible. The Company has made significant progress in restoring our loan origination and loan servicing systems, including our MyloanDepot and Servicing customer portals.

Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems. The Company will notify these individuals and offer credit monitoring and identity protection services at no cost to them.

“Unfortunately, we live in a world where these types of attacks are increasingly frequent and sophisticated, and our industry has not been spared. We sincerely regret any impact to our customers,” said loanDepot CEO Frank Martell. “The entire loanDepot team has worked tirelessly throughout this incident to support our customers, our partners and each other. I am pleased by our progress in quickly bringing our systems back online and restoring normal business operations.”

“Our customers are at the center of everything we do,” said Jeff Walsh, President of LDI Mortgage. “I’m really proud of our team, and we’re glad to be back to doing what we do best: enabling our customers across the country to achieve their financial goals and dreams of homeownership.”

The Company is committed to keeping its customers, partners and employees informed and will provide any additional operational updates on our microsite at loandepot.cyberincidentupdate.com.


8-K/A filed on 2024-02-26

loanDepot, Inc. filed a 8-K/A at 2024-02-26 18:51:05 EST
Accession Number: 0001831631-24-000020

Explanatory Note.

This Current Report on Form 8-K/A (this “Amendment”) amends the Current Report on Form 8-K filed by loanDepot, Inc. (the “Company”) with the Securities and Exchange Commission (the “SEC”) on January 8, 2024 (the “Original Report”), as amended by Amendment No. 1 thereto filed with the SEC on January 22, 2024 (the “Amendment No. 1”). Except as expressly set forth herein, this Amendment does not amend the Original Report or Amendment No. 1 in any way. This Amendment supplements, and should be read in conjunction with, the Original Report and Amendment No. 1.

Item 8.01 Other Events.

As disclosed in the Original Report, as further amended by Amendment No. 1, the Company identified a cybersecurity incident, which it has contained. Our engagement with law enforcement and regulators continues. Based on our investigation and findings, we will be notifying up to approximately 16.9 million individuals whose sensitive personal information was impacted by this cybersecurity incident as required by law, and, as previously disclosed, will offer those individuals credit monitoring and identity protection services at no cost to them.

In addition, based on the information available to date, the Company believes that the cybersecurity incident will have a material impact on its first quarter 2024 results but does not expect the incident to have a material impact on full year 2024 results. Specifically, among other things, the Company expects to record in the first quarter of 2024 approximately $12 to $17 million of expenses related to the cybersecurity incident, net of expected insurance recovery.

The Company has also been named as a defendant in several lawsuits related to this cybersecurity incident, which are seeking various remedies, including monetary and injunctive relief. While we cannot presently quantify the full scope of expenses and other related impacts associated with this cybersecurity incident, including costs associated with any related current or future litigation or regulatory inquiries or investigations, the Company currently does not expect that the cybersecurity incident will have a material impact on its overall financial condition or on its ongoing results of operations.


Company Information

NameloanDepot, Inc.
CIK0001831631
SIC DescriptionFinance Services
TickerLDI - NYSE
Website
CategoryAccelerated filer
Smaller reporting company
Fiscal Year EndDecember 30