Ransomware victim disclosure
← All victimsLoanDepot
Claimed by ALPHV/BlackCat · listed 2 years ago
Status timeline
- ListedFeb 16, 2024
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Sector
- Financial
- Listed on leak site
- Feb 16, 2024
About the victim
AI dossier — public-source company profileloanDepot is a nonbank holding company based in Irvine, California that provides mortgage and non-mortgage lending products including home equity loans, cash-out refinances, personal loans, and VA/FHA mortgage programs. The company operates a direct-to-consumer online lending platform with mobile app support.
- Industry
- Mortgage & Non-Mortgage Lending
- Address
- Irvine, California, United States
Attack summary
Severity: high — loanDepot is a major financial services firm handling sensitive customer data (mortgage applications, personal financial information, SSNs, banking details). The disclosed_status indicates data was published. Even without explicit proof counts or inventories in the truncated post, a confirmed breach of a large-scale lending platform with published data carries high severity due to the regulated nature of financial services and scale of potential PII exposure.ALPHV/BlackCat claims to have compromised loanDepot and published data. The group's post does not specify whether encryption, exfiltration, or both occurred, nor does it detail what data categories were affected.
What the group claims
LoanDepot, is an Irvine, California-based nonbank holding company which sells mortgage and non-mortgage lending products.
Sources
- Victim siteloandepot.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

