Dive Brief:

• Mortgage lender loanDepot is responding to a cyberattack that led the company to take some of its IT systems offline, the California-based company said Monday. 
• “Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data,” the company said Monday in filing with the Securities and Exchange Commission. “In response, the company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”
• A spokesperson for the non-bank mortgage lender declined to say how or when the threat actor gained access to its systems and if it’s received an extortion demand or paid a ransom.

Dive Insight:

LoanDepot is the fourth major real estate industry organization hit by a cyberattack in the last couple months.

The personal data on every current and former customer of mortgage servicer Mr. Cooper Group – almost 14.7 million people – was stolen during a late October attack.

A cyberattack against Fidelity National Financial in November led to disruptions across its services, including title insurance and mortgage transactions. Another attack in late December against First American Financial resulted in theft and encryption of company data, the title insurance giant said last week.

LoanDepot is the second-largest non-bank mortgage lender behind Rocket Mortgage. The company said it is working to understand the extent of the incident and taking steps to minimize its impact.

“Upon detecting unauthorized activity, the company promptly took steps to contain and respond to the incident, including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement,” the company said in the SEC filing.