LoanDepot Data Breach Update: Lawsuit Filed After 16.6M People Impacted by January 2024 Incident

New to ClassAction.org? Read our Newswire Disclaimer

LoanDepot faces a proposed class action lawsuit over a January 2024 data breach that reportedly impacted roughly 16.6 million people. 

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here. 

The 34-page loanDepot data breach lawsuit says that the mortgage and lending products seller announced on its website on January 8 that it was experiencing a “cyber incident” and working to “restore normal business operations as quickly as possible.” Per the case, the company stated in a Securities and Exchange Commission (SEC) filing on the same day that it had determined that an unauthorized third party had accessed certain loanDepot systems and encrypted data, and that the company promptly took steps to “contain and respond to the incident.” 

Around this time, the suit says, loanDepot’s website appeared to be nonfunctional, displaying an error message on its customer login page and requesting that customers looking to make a payment call or mail in their payment instead. 

In a January 22 SEC filing, the complaint relays, loanDepot, reportedly the nation’s fifth-largest retail mortgage lender, confirmed that the unauthorized party behind the incident gained access to the sensitive personal information of around 16.6 million people, to whom the company said it would send notice and offer credit monitoring and identity theft protection services for free. 

Although the loanDepot data breach notice does not state what kinds of personal consumer information may have been accessed and/or stolen during the incident, the lawsuit asserts that the compromised data likely includes: 

• Identifying information, including name, address, phone number and Social Security number;
• Employment details;
• Contact information, including mailing addresses, home addresses and email addresses;
• Account access information, including usernames and passwords;
• Demographic details, including gender, marital status, ethnicity and race;
• Driver’s license, passport and government ID numbers;
• Loan account specifics; and
• Bank account and credit/debit card numbers. 

The case contends that loanDepot was aware of the risks of a data breach and that the company “would be specifically targeted by malicious hackers,” in particular in the wake of an August 2022 data security incident that was not announced publicly until the following May. 

“As a result of Defendant’s willful failure to prevent the Data Breach, Plaintiff and Class members are more susceptible to identity theft and have experienced, and will continue to experience, and face an increased risk of financial harms, in that they are at substantial risk of identity theft, fraud, and other harm,” the lawsuit states. 

The case looks to cover all persons nationwide who have utilized loanDepot’s title insurance, homeowner’s insurance, mortgages, refinancing, home warranties or other closing services. 

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.