Ransomware victim disclosure
← All victimsLoanDepot
Claimed by ALPHV/BlackCat · listed 2 years ago
Status timeline
- ListedFeb 16, 2024
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Sector
- Financial
- Listed on leak site
- Feb 16, 2024
About the victim
AI dossier — public-source company profileloanDepot is a nonbank holding company based in Irvine, California that provides mortgage and non-mortgage lending products including home equity loans, cash-out refinancing, personal loans, and various mortgage programs (fixed-rate, adjustable-rate, VA, FHA). The company operates a digital-first platform with mobile app and online document processing.
- Industry
- Mortgage & Non-Mortgage Lending
- Address
- Irvine, California, United States
Attack summary
Severity: medium — Victim is a major financial services company handling sensitive mortgage and lending data at scale; however, the leak post is minimal and provides no explicit proof of data exfiltration or operational disruption. Classification reflects the financial sector sensitivity and likelihood of PII exposure, but absence of concrete evidence or proof artifacts limits confidence.ALPHV claims to have attacked loanDepot. The group's post provides minimal detail on the specific attack method or data exfiltrated; no explicit claim of encryption, exfiltration, or operational impact is stated in the truncated leak post provided.
Data the group says was taken
AI dossier — extracted from the leak post- Customer personal information
- Loan application records
- Financial documents
- Account credentials
What the group claims
LoanDepot, is an Irvine, California-based nonbank holding company which sells mortgage and non-mortgage lending products.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

