Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

Updated: February 27, 2024

74,000 Mainers may have had personal data stolen in mortgage lender cyberattack

graphic depiction of hands and a computer screen File photo / Courtesy A cyberattack threatens 16.9 million people whose data was held by LoanDepot Inc., of Irvine, Calif.

A massive cyberattack on one of the country's largest retail mortgage lenders has put 73,870 Maine residents — more than the population of Portland — at risk of losing sensitive personal information to hackers.

Nationwide, the attack threatens 16.9 million people whose data was held by LoanDepot Inc., of Irvine, Calif., according to a notice filed on Friday with the Maine attorney general's office.

The incident occurred between Jan. 3 and Jan. 5, when an "unauthorized third party" gained access to LoanDepot's information systems. Among the personal data that may have been illegally accessed: names, birth dates, addresses, email addresses, phone numbers, financial account numbers and Social Security numbers.

The company identified the data breach on Jan. 4 and "promptly took steps to contain and respond to the incident, including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement," according to a Jan. 8 filing with the Securities and Exchange Commission.

Warnings of the breach have been sent to consumers who might have been affected by it, and LoanDepot has offered them free identity protection services. That notice was sent by mail on Feb. 23, seven weeks after the incident.

LoanDepot Inc. (NYSE: LDI) is the country's fifth-largest retail mortgage lender and second-largest non-bank mortgage originator, the company says. It has provided more than $275 billion in loans since launching in 2010, and employs over 6,000 people nationwide.

Ransomware rumor

Following the data breach, LoanDepot temporarily shut down its mortgage origination and servicing systems, although they were restored by the end of January.

LoanDepot CEO Frank Martell said at the time, “Unfortunately, we live in a world where these types of attacks are increasingly frequent and sophisticated, and our industry has not been spared. We sincerely regret any impact to our customers. The entire LoanDepot team has worked tirelessly throughout this incident to support our customers, our partners and each other."

The company did not immediately respond to questions from Mainebiz about the current status of the investigation and response.

Some news media have reported that a dark-web criminal group, ALPHV/Blackcat, is responsible for the breach and has tried to extort LoanDepot in a ransomware scheme.

The Register, a technology news publication, said that LoanDepot proposed paying $6 million to release the data, but the group rebuffed the offer.

ALPHV/Blackcat has recently claimed responsibility for a similar attack on insurance company Prudential Financial. In December, the FBI said that ALPHV/Blackcat and its affiliates had compromised data of over 1,000 businesses and government entities and received nearly $300 million in ransom payments.

In April 2023, an unrelated ransomware attack against Harvard Pilgrim Health Care jeopardized the personal information of its 1.1 million insurance plan members, including roughly 75,000 Mainers.

In 2015, a cyberattack against Anthem Blue Cross and Blue Shield exposed the data of over 312,000 people in the state.

Sign up for Enews


Order a PDF