loan depot announced on Friday (February 23) that 16.9 million customers were affected by a data breach that affected the company in January.
In a data breach that occurred between Jan. 3 and Jan. 5, hackers obtained names and other personally identifying information in combination with Social Security numbers, the financial services company said in a filing Friday with the Maine Attorney General’s Office. stated in the document.
In a data breach notification attached to the application, Loan Depot stated that the personal information obtained by the unauthorized third party included: name, address, email address, financial account number, social security number, telephone number, He said it may have included numbers and dates of birth.
The company said in the letter that it identified the breach on January 4th.
“We immediately took a series of steps to contain the incident, resolve the issue, and contact law enforcement,” Loan Depot said in its data breach notification. “We are also working with external forensic and cybersecurity experts to investigate this incident to identify whether customer information may have been accessed and to further improve the security of our systems.” We have started an investigation.”
The company said in the letter that it had found no evidence that the information was used for fraud, but would provide two years of free privacy services and credit monitoring.
The number of consumers affected by this incident is 16.9 million, which is higher than the “approximately 16.6 million individuals” Loan Depot said in a January 22 press release.
The company initially announced the cybersecurity incident on January 8, saying it had taken some systems offline and was working to restore normal business operations.
According to reports on January 19, Loan Depot customers said on social media and forums that they were unable to access their online accounts, were unable to make mortgage payments, and were unable to complete transactions.
According to a page dedicated to cyber incident updates on the loanDepot website, the company said four of the affected portals and websites were back online on January 18th, and another portal and mobile app were brought back online on January 19th. He said it was fully operational again.
“Unfortunately, we live in a world where these types of attacks are becoming increasingly frequent and sophisticated, and our industry is not immune,” said Loan Depot CEO Frank.・Mr. Martel stated in the company’s January 22nd press release regarding this incident.
