ALPHV Ransomware Strikes: LoanDepot and Prudential Financial Targeted

 


The ALPHV/Blackcat ransomware gang has claimed responsibility for recent attacks on Prudential Financial and loanDepot, two Fortune 500 companies. The threat actors have yet to prove their claims, but both companies were added to ALPHV's dark web leak site today, the first time they have appeared there. ALPHV says that, following failed negotiations, it will sell the data stolen from loanDepot's network and release Prudential's data for free.

The leak site of the ALPHV ransomware operation, also known as the BlackCat group, now lists Prudential Financial and loanDepot, an apparent admission by the group that it was behind the attacks on both firms. So far the group has only added the names to its site; the actual data is not yet available. Because negotiations with Prudential Financial broke down, the group says it will publish the database for free for all to see.

A company representative stated that the company would provide free credit monitoring and identity protection to those affected by the data breach. With roughly 6,000 employees and more than $140 billion in loan servicing, loanDepot is among the largest nonbank retail mortgage lenders in the U.S. A suspected cybercrime group breached Prudential Financial's network on February 4 and stole employee and contractor data.

Prudential Financial revealed on Tuesday that this breach occurred on February 4. Prudential is still investigating the incident and assessing its full scope and impact, and has not yet determined whether the attackers also exfiltrated customer or client data. With revenue expected to exceed $50 billion in 2023, this Fortune 500 company will rank second among life insurance companies in the U.S.

It employs more than 40,000 people around the world. The State Department has announced rewards of up to $10 million for tips that could lead to the identification or location of ALPHV gang leaders.

An additional $5 million reward was offered for information on individuals who took part, or attempted to take part, in ALPHV ransomware attacks. During its first four months of activity, between November 2021 and March 2022, the gang was linked to more than 60 breaches around the world.

Law enforcement agencies estimate that ALPHV had received at least $300 million in ransom payments from over 1,000 victims by the end of September 2023. Prudential Financial filed an 8-K form with the Financial Industry Regulatory Authority (FINRA) last week detailing the incident.

Although the company is still investigating the incident, its latest findings were that no sensitive information concerning its customers or clients was compromised. Prudential employs more than 40,000 people and has more than $50 billion in revenues each year, making it one of the world's largest financial services companies.

The new information comes shortly after the U.S. State Department offered up to $10 million for information that could help identify or locate ALPHV leaders, with an additional $5 million for information on those who participated (or attempted to participate) in ALPHV ransomware attacks.

Alongside LockBit and Cl0p, ALPHV is one of the most popular and active ransomware groups. It has made headlines across the globe for its activity and popularity. In the latter half of 2021, it became apparent that DarkSide and BlackMatter had possibly merged. ALPHV and its affiliates are believed to have extorted hundreds of millions of dollars from their victims during the group's lifetime.

Guardians of Finance: loanDepot Confronts Alleged Ransomware Offensive

 


loanDepot, one of the biggest nonbank mortgage lenders in the United States, has confirmed that the cyber incident it announced over the weekend was a ransomware attack that encrypted data.

With over $140 billion in loan servicing and approximately 6,000 employees, this company is the largest nonbank loan broker. Customers reported problems accessing the loanDepot payment portal on Saturday, which prevented them from paying loans or contacting the company.

loanDepot, the U.S. retail mortgage lender, is struggling to recover from a cyberattack that disrupted its loan processing and telephone service. A company filing on Monday with the Securities and Exchange Commission informed investors that data had been encrypted by a “third party” who broke into the company’s computer system.

As part of its efforts to contain the incident, the company shut down certain unspecified systems. A spokesperson for the Irvine, California-based firm said it had contacted law enforcement and was still determining the extent to which the attack could affect its operations.

According to BleepingComputer, loanDepot is the fifth-largest retail mortgage lender in the country and has funded more than $275 billion in loans since it was founded in 2010. The company has more than 6,000 employees.

As of 2022, it generated revenue of $1.8 billion. According to the company, an unknown number of customers' information was accessed during a cyberattack that took place in August 2022. A loanDepot team of cybersecurity experts launched an investigation after discovering that a security breach had occurred, and the company began notifying relevant agencies and regulators as soon as it became aware of the problem.

In the aftermath of the attack, the company informed its customers that automatic recurring payments would still be processed, but would take a while to appear in their account history. Affected customers who wish to make new payments through the servicing portal are advised to contact the call centre for assistance.

New payments will not be possible through this portal. While loanDepot states that the threat actors gained access to systems and encrypted files, ransomware gangs are also known to steal company and customer data as leverage to pressure victims into paying a ransom.

Because loanDepot holds sensitive customer data such as financial and bank account information, it is important to stay alert for potential phishing attacks and identity theft attempts. loanDepot disclosed in May 2023 that it had suffered a data breach as a result of a cyberattack that targeted the company on August 20, 2022.

In November 2023, a cyberattack on the mortgage giant Mr Cooper resulted in a data breach that exposed the personal data of 14.7 million customers. Another cyberattack, which occurred before Christmas, affected some of the systems of First American Financial Corporation (FAFC), one of the companies targeted in the U.S. title insurance industry.

Fidelity National Financial, one of the largest insurance providers in the United States, was hit by a ransomware attack in November that knocked the company down for more than a week. A December cyberattack exposed the identities of more than 14 million customers of the mortgage and loan company Mr Cooper.

It came in the wake of an attack in October that compromised the personal data of the company's customers. Mr Cooper said that it expected to incur more than $25 million in additional costs as a result of the incident, primarily because of the credit monitoring that it will have to provide for its affected customers.