Almost 17 million LoanDepot customers had sensitive personal information, including Social Security numbers, stolen in a January ransomware attack, the company has confirmed.
The loan and mortgage giant company said in a data breach notice filed with Maine’s attorney general’s office that the stolen LoanDepot customer data includes names, dates of birth, email and postal addresses, financial account numbers, and phone numbers. The stolen data also includes Social Security numbers, which LoanDepot collected from customers.
The number of affected LoanDepot customers rose from 16.6 million as initially disclosed to federal regulators last month, which did not say what specific customer data had been stolen.
LoanDepot was hit by a cyberattack around January 4 that it described at the time as involving the “encryption of data,” or a ransomware attack. It’s not known if LoanDepot paid a ransom, nor would a company spokesperson say when previously asked by TechCrunch.
The cyberattack left LoanDepot’s millions of customers unable to make payments or access their online accounts in the weeks that followed.
LoanDepot was one of several loan and mortgage companies targeted by malicious hackers in recent months.
Mortgage and loan giant Mr. Cooper said hackers stole the personal information of more than 14 million customers during an October cyberattack, costing the company at least $25 million in additional costs. Weeks later, in November, one of the largest U.S. home insurance providers, Fidelity National Financial, was hit by a ransomware attack, knocking the company offline for over a week.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
LoanDepot said in its latest regulatory filing that the cyberattack will ding the company’s fiscal first quarter earnings to the tune of between $12 to $17 million.
This story was originally published on January 22, 2024, and updated on February 26, 2024, with new information about what customer data was stolen. Updated on February 27, 2024 with new earnings impact.
Do you work at LoanDepot and know more about the incident? You can contact Zack Whittaker on Signal and WhatsApp at +1 646-755-8849, or by email. You also can contact us via SecureDrop.
