Ransomware Strikes LoanDepot, Exposing 16.6M Customers' Data
Ransomware Strikes LoanDepot, Exposing 16.6M Customers' Data
On January 23, 2024, LoanDepot, one of the largest retail mortgage lenders in the U.S., confirmed that it suffered a significant ransomware attack. The breach exposed sensitive personal information of approximately 16.6 million customers, leading to major disruptions in mortgage payment processing. The company has temporarily taken its systems offline to address the fallout, with recovery costs projected at around $26.9 million. This incident underscores the increasing vulnerability of financial institutions to sophisticated cyber threats.
In parallel, Microsoft announced unauthorized access to email accounts used in compliance and legal practices, which began in November 2023. While the breach was contained quickly, it raises concerns regarding corporate email security. Additionally, researchers reported the active exploitation of critical zero-day vulnerabilities in Ivanti’s Connect Secure and Policy Secure products, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue directives to government agencies for immediate mitigation measures.
Also In Security Today
- Microsoft Email Breach: Microsoft detected unauthorized access to corporate email accounts critical for compliance and legal functions, emphasizing the need for enhanced email security protocols. Read more
- Mass Exploitation of Ivanti Vulnerabilities: Active threats targeting Ivanti’s critical vulnerabilities have been reported, prompting CISA to issue urgent advisories for remediation. Read more
- CISA's Ongoing Alerts: CISA continues to update its Known Exploited Vulnerabilities Catalog, stressing the urgency for organizations to address vulnerabilities actively exploited in the wild. Read more