Breach taxonomy
Summary
loanDepot identified a cybersecurity incident in early January 2024 in which an unauthorized third party accessed certain company systems and encrypted data. The company shut down certain systems and engaged cybersecurity experts to contain and investigate the incident. Regulators and law enforcement were notified. The company had not yet determined materiality as of the filing date. Subsequent disclosures confirmed approximately 16.6 million customers had personal data exposed including Social Security numbers and financial account numbers. Filed under Item 8.01; materiality not yet determined as of initial filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsRansomware
Filing explicitly states the unauthorized third party activity included encryption of data, confirming a ransomware attack → RANSOMWARE.