Breach taxonomy
Summary
loanDepot identified a cybersecurity incident in early January 2024 in which an unauthorized third party accessed certain company systems and encrypted data. The company shut down certain systems and engaged cybersecurity experts to contain and investigate the incident. Regulators and law enforcement were notified. The company had not yet determined materiality as of the filing date. Subsequent disclosures confirmed approximately 16.6 million customers had personal data exposed including Social Security numbers and financial account numbers. Filed under Item 8.01; materiality not yet determined as of initial filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsRansomware
Filing explicitly states the unauthorized third party activity included encryption of data, confirming a ransomware attack → RANSOMWARE.
AssetsPersonal DataConfidential Biz
Unauthorized access and encryption affected company systems holding customer mortgage data including SSNs and financial account numbers (PERSONAL-DATA) and internal business information (CONFIDENTIAL-BIZ).
EffectsCyber ExtortionBiz InterruptionInfo Privacy Loss
Ransomware encryption involved an extortion element (CYBER-EXTORTION), the company shut down systems causing operational disruption (BIZ-INTERRUPTION), and approximately 16.6M customers had personal data exposed (INFO-PRIVACY-LOSS).
Business continuityPartial
Filing states the company shut down certain systems and is working to bring them back online; systems not fully restored as of the initial filing → Partial.
Impact
Ransomware at a major US mortgage lender with ~16.6 million customers' PII including SSNs and financial data exposed; significant operational disruption requiring system shutdowns → score 4.
InsuranceNot disclosed
The Jan 22 follow-up mentions 'extent of available insurance coverage' as a risk factor, suggesting coverage exists but filing does not affirmatively confirm a claim was filed → null.
Read the original SEC filing excerpt
Item 8.01. Other Events. loanDepot, Inc. (the Company) recently identified a cybersecurity incident affecting certain of the Company's systems. Upon detecting unauthorized activity, the Company promptly took steps to contain and respond to the incident, including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement. Though our investigation is ongoing, at this time, the Company has determined that the unauthorized third party activity included access to certain Company systems and the encryption of data. In response, the Company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident. The Company will continue to assess the impact of the incident and whether the incident may have a material impact on the Company.