DATA BREACH!
It’s a term we hear all too often these days. Recently, major companies like Santander and Ticketmaster have fallen victim to cyberattacks due to a lack of cybersecurity or cybersecurity awareness somewhere along the line. Given these developments, I thought it would be an opportune moment to discuss a significant data breach that an American FinTech company experienced at the beginning of the year and is still grappling with today.
ABOUT LOANDEPOT
LoanDepot is a California-based nonbank holding financial lender that sells mortgage and non-mortgage lending products. LoanDepot was founded in 2010 by Mr. Anthony Hsieh, with the company’s headquarters at Foothill Ranch, California. Based on figures from 2022, LoanDepot has a revenue of $1.25B with around 12,000 employees. Known for its emphasis on technology, the company employs a proprietary platform called “Mello”, which integrates data-driven decision-making with customer service. This platform aims to simplify the borrowing process, enhance efficiency, and improve the customer experience.
On January 22nd 2024, it became public knowledge that LoanDepot had fallen victim to a form of cyberattack called ‘ransomware’. The ALPHV/BlackCat ransomware group came forward to claim the attack, which resulted in 16.6m customers’ highly sensitive data potentially being released to the black market for financial gain. During the attack, LoanDepot took its entire system offline in a vain attempt to defend itself from the attack.
In April 2024, FeganScott filed a class action lawsuit against LoanDepot for not taking the correct measures to protect customers’ data, for the time it took them to detect that the attack was happening, and for allegedly not providing adequate notice to those affected, effectively leaving them vulnerable for over a month. If LoanDepot failed to notify customers for over a month, this means the customers wouldn’t have known to change their passwords and secure their accounts with LoanDepot and any other account they were using with the same credentials. The ALPHV/BlackCat ransomware group managed to get their hands on the data of 16.6M customers: addresses, phone numbers, dates of birth, email addresses, financial account numbers, and Social Security numbers. One can only imagine the value of this data on the black market.
UNDERSTANDING RANSOMWARE
Ransomware is a type of malicious software (malware) that cybercriminals use to extort money from victims. It generally operates by encrypting the victim’s files or locking them out of their systems, rendering the data inaccessible. The attacker then demands a ransom, typically in cryptocurrency, in exchange for a decryption key or to restore access to the data. Let’s look at some of the different types of ransomware.
One form of ransomware is Crypto Ransomware. As I have mentioned above, this is where the attacker encrypts files on the victim’s system and holds them to ransom for the decryption key. Often, the attackers will request funds in cryptocurrencies in the hope of staying anonymous.
Another form is Locker Ransomware. This type of attack is a bit more intense. Attackers will take full control of the victim’s system and lock them out completely, leaving the victim totally in the hands of the attackers. As you can imagine, losing control of your entire business is a scary prospect to deal with. We must remember that not every attacker is in it for financial gain. Some just like the power these attacks bring to them and some, quite frankly, just want to test their skills.
Finally, we have Scareware. Scareware is more of a ‘day-to-day’ type of ransomware that most of you reading this may have come across once or twice. Have you ever had a strange pop-up appear warning you that your computer is at risk? Or that there is “harmful malware affecting the speed of your computer”? Once you click on these pop-ups, you will find yourself at a checkout page asking for a sum of money to fix these fake problems on your PC. More often than not, they do not ask for high sums of money, on the basis that the victim has a higher chance of paying the one-off fee. Once the attacker has your money, chances are you will receive the same pop-up days later, as the ransomware is still operating in the background of your system.
ROUND UP
LoanDepot has been very quiet regarding the breach. In an attempt to gain back customers’ trust, they have offered identity protection and credit monitoring services to the affected customers. As you can imagine, the added stress on the workforce and the endless office hours a company must take on to resolve these issues are astronomical, not to mention court fees and the time and complications that go with these situations. LoanDepot hasn’t commented on whether they have a plan for how to prevent situations like this from happening in the future or how this attack was successful in the first place. The lack of communication leaves you wondering whether the attack is still going on behind the scenes and exactly what has happened to customer data.
Depending on the size of the company and how dependent they are on their LAN and WAN networks, ransomware attacks can last for months while the company negotiates with the attackers in the hope of them either unlocking the system or sending a decryption key. Business can be hard enough at the best of times without having to deal with these stresses. All of this could have potentially been prevented with proactive cybersecurity and staff having a good understanding of how these attacks work. It is safe to say that this attack has tarnished LoanDepot’s reputation and left its customers in a position of distrust. You only need to do a quick scan of Reddit to see LoanDepot customers’ reactions. After seeing the aftermath of Amazon’s data breach back in 2023, which resulted in a massive £636 million fine, it will be interesting to see what fate LoanDepot will face.
HOW IT AFFECTS CUSTOMERS
Being a customer who is affected by a data breach is an inconvenience, to say the least. Not only do you need to secure your password for the account you had with the company; you must also change any other account you have used those credentials with. Not to mention the multiple different companies you will need to notify that your highly sensitive data is now public knowledge. It results in months of anxiety and worry, constantly checking accounts to see if you have been billed for something you haven’t purchased. In extreme cases, loans can be taken out in your name that you will never know about until the bill turns up in the mail. If any of these things end up happening to you, it can result in years of financial problems. Think what could happen to your credit score!
This leaves us with one question: should it be mandatory for companies that hold our incredibly sensitive data to be regularly pen-tested, and should they have to advertise to the public what policies are in place regarding cybersecurity? Even as an owner of a cybersecurity company, it’s not always at the forefront of my mind when opening a new bank account or dealing with companies that hold my data. With nearly every aspect of our lives becoming tech-based.
GET IN TOUCH
If you enjoyed this blog and found it interesting, please stick around, as I plan to cover more of these attacks in the future.
If you are a company owner and are now wondering if a penetration test (pentest) is something you may benefit from, please do not hesitate to get in contact, and we will be more than happy to discuss with you what your options are and what aspects of your business HubbleSec believes might be at risk, completely free of charge.