Loan Depot data breach: what happened and how to protect your financial information

Loan Depot, the second largest non-bank lender in America, faced a massive security incident in January 2024. The Loan Depot data breach impacted nearly 17 million people, including people who had never knowingly interacted with LoanDepot.

The growing number of security incidents involving credit and mortgage institutions, such as Fidelity National Financial or Mr. Cooper Group, highlight systemic vulnerabilities and security misconfigurations even among the industry leaders. These breaches pose a serious threat to your financial security and reinforce the urgent need for stronger data protection measures for both companies and the customers they serve.

In this article, we’ll explore what happened during the Loan Depot security breach and discuss what you can do to minimize immediate damage and protect your data over the long term.

What happened in the Loan Depot data breach?

When did the breach occur?

The timeline of the LoanDepot breach incident is as follows:

• Date(s) breach occurred: January 3–5, 2024
• Date(s) breach discovered: January 4, 2024
• Date(s) breach disclosed to the public: January 8, 2024
• Date(s) breach confirmed: January 22, 2024

On or about January 4, 2024, Loan Depot identified a potential security incident, took multiple systems offline and initiated a forensic investigation. The investigation found that an unauthorized third-party accessed some of the company’s systems between January 3rd and January 5th, which resulted in the compromise of sensitive personal information.

On February 16th, the ALPHV/BlackCat ransomware gang claimed responsibility for the attack on LoanDepot systems.

What data was compromised?

• Names
• Birth dates  
• Email addresses
• Street addresses
• Phone numbers
• Financial account numbers
• Social Security numbers

How many customers were affected?

The Loan Depot data breach affected a total of 16.9 million people. Even customers of many years ago and those who had never knowingly interacted with LoanDepot were affected. 

Many recipients of the breach notification expressed concern on Reddit, shocked to learn that their personal data had been compromised despite having no known connection to the mortgage lender. 

How did Loan Depot address the breach?

Loan Depot took some of its systems offline while it probed the attack. The company invited outside digital forensic and cybersecurity experts to help examine and remediate the incident.

Loan Depot made several public statements following the breach:

• The initial breach disclosure took place on January 4th when Loan Depot filed a Form 8-K with the Securities and Exchange Commission.
  
• On January 22nd, the company provided a detailed impact report. LoanDepot’s officials apologized for the incident and announced that their systems are back online. “Unfortunately, we live in a world where these types of attacks are increasingly frequent and sophisticated, and our industry has not been spared. We sincerely regret any impact to our customers,” said the firm’s CEO Frank Martell. “The entire loanDepot team has worked tirelessly throughout this incident to support our customers, our partners and each other. I am pleased by our progress in quickly bringing our systems back online and restoring normal business operations.”
  
• The company created a dedicated website–loandepot.cyberincidentupdate.com–to centralize communications and keep its customers, partners, and employees informed on further changes.
  
• On February 23rd, the company sent data breach notification letters to affected customers. In the Loan Depot notice of data breach, the firm specified what happened and what type of data was compromised, and offered two years of free identity protection services by Experian IdentityWorks. The offer included free credit monitoring, ID theft insurance, and fraud resolution support.

What were the legal consequences of the breach?

The Loan Depot security breach led to a class action against the company. At the time of filing, the Settlement Class included approximately 16,924,007 individuals–everyone who received the breach notice from LoanDepot. Before April 27, 2025, the affected individuals could exclude themselves from the settlement or submit a claim for the reimbursement of out-of-pocket costs via the official website loandepotbreachsettlement.com
(before May 27, 2025).

The main legal claims introduced by plaintiffs included negligence, retention of unnecessary data, failure to safeguard data, and late notifications. Loan Depot did not admit any wrongdoing but agreed to the following settlement:

• A total of $86.6 million class-action settlement.
• From $5.30 to $70.71 in cash payment for all class members depending on their participation rate.
• From $14.90 to $149.04 in additional payments to California-based class members under the California Consumer Privacy Act payment.
• Up to $5,000 reimbursement for documented losses.

How did customers react to the Loan Depot security breach?

The incident caused massive confusion and distrust on social media. Numerous users reported frustration after receiving breach notifications because they never had mortgage, loan applications, or contact with the company. “I just received one of these letters. I have no associations with LoanDepot,” said one Redditor.

Due to no apparent relationship with LoanDepot, many people questioned the letter’s legitimacy and suspected phishing attempts. The growing confusion made some reach out to the media to verify if the breach notification letter was real. 

When it became clear that the Loan Depot data breach did happen, multiple theories emerged–some Reddit users speculated that their information was sourced through third-party platforms like LendingTree or Rocket Mortgage, where personal data is often shared with multiple lenders as part of the prequalification process. Others pointed to credit bureaus as a potential data source. This raised a broader concern–users felt blindsided by the financial industry’s non-transparent data collection and exchange that put them at risk.

Why may you have been affected by the Loan Depot data breach even if you never used their services?

The Loan Depot security breach has shown us that anyone may be at risk even without knowingly interacting with the company. This often happens when you share your personal information through loan comparison platforms or prequalification tools, which can trigger soft credit checks and distribute your data to multiple lenders, including LoanDepot. In many cases, this means companies can store your information even if you never applied with them directly.

The situation is further complicated by the lack of transparency around how long companies retain consumer data. Without strong data privacy regulations like the CCPA or GDPR, individuals have limited control over how their data is stored, shared, or deleted.

Why are financial data breaches a serious threat?

Financial service providers are frequent targets of cyber-attacks because of the large amounts of highly sensitive customer data they store. When information such as names, addresses, phone numbers, Social Security numbers, and financial account numbers is exposed, it gives cybercriminals all they need to commit serious fraud.

The potential consequences include:

• Identity theft
• Drained financial accounts
• Fraudulent credit lines
• Targeted impersonation scams
• False tax returns
• Credit score damage

These threats are not hypothetical. One Reddit user, for example, reported immediate fallout after the LoanDepot breach: “…since January apparently when this all [data breach] happened my dad has cancelled his American Express discover and other cards because they all had fraudulent purchases on them. Not even a month later the new discover card was showing fraud again.”

This incident highlights how quickly exposed financial data can be weaponized, even after steps are taken to contain the damage.

How do you check if your data was leaked?

To find out if your data was exposed in the LoanDepot breach, first, check your email for an official data breach notification letter from the company. If you never received a letter but suspect data compromise, here are the steps you can take:

Monitor the dark web

Set up a monitoring profile with Google–go to ‘Dark web report’, click ‘Start monitoring’, select the data you want to monitor, and click ‘Allow’. Once you set up your profile, Google will monitor the dark web and notify you if any of your data is found in breaches. The monitoring profile can help you track if your email address, password, name, phone number, or date of birth are compromised. You can also add your physical address to monitor it as well.

Additionally, you can use databreach.com to check if your Social Security number was in a breach.

Check for suspicious activity on your accounts

Carefully check your bank and credit card statements for any suspicious activity. Any logins, purchases, new credit lines, and other actions you didn’t make could be a sign of identity theft.

Don’t wait–notify your financial institution as soon as you detect any suspicious activity.

What can help protect your financial information immediately after a breach like Loan Depot?

If your data was exposed in a breach like Loan Depot,  a few measures can be taken instantly to minimize your risks.

Fraud alerts and credit freezes

Fraud alerts place a note about a possible data compromise on your credit report. They require potential creditors to verify your identity more meticulously before they can issue new cards or credit lines in your name, preventing criminals from performing unauthorized actions.

You can set fraud alerts with all three major credit reporting agencies:

• Equifax: 1-800-525-6285 or online
• Experian: 1-888-397-3742 or online
• Transunion: 1-800-680-7289 or online

You can also freeze your credit report and block anyone from opening new credit accounts while the freeze is active. To place a credit freeze, make respective requests in the three major credit agencies online, by phone, or by mail.

Strong, different passwords across accounts

Change existing passwords to your email, online banking, credit and mortgage accounts to prevent unauthorized access. Use a unique password for each account, and make sure it’s long (at least 16 characters), with a random mix of uppercase and lowercase letters, numbers and symbols for maximum security.

Multi-factor authentication

Multi-factor authentication (MFA) is a powerful security feature that helps prevent account takeovers by requiring more than just a password to access your accounts. It typically involves a combination of verification methods, such as fingerprint scans, facial recognition, or one-time codes sent to your phone. For maximum protection, enable MFA for all your online accounts.

Financial statements and credit reports review

Keep a close eye on your financial reports to notice any suspicious activity early. You can request free annual reports from all three credit bureaus using annualcreditreport.com. For more frequent reports, you can create accounts with Equifax and Experian.

How can you protect your personal and financial data in the long run?

Unfortunately, the Loan Depot data breach is just one of many cyber-attacks targeting financial and mortgage institutions. While there is no way to safeguard yourself from these breaches completely, you can take proactive steps to prepare for potential incidents and minimize the impact of future threats.

Minimize your digital footprint

All the information available about you online contributes to your digital footprint, which cybercriminals can exploit for phishing, password guessing, and other malicious activities. You can reduce your exposure by being mindful of what you share online and regularly auditing your digital presence—deleting unused accounts, outdated profiles, and other publicly accessible personal information.

That includes removing your information from data broker websites that collect and publish it without your consent. These sites are frequently exploited by threat actors to gather more information about you in order to make phishing emails more credible or identity theft easier to execute. Reducing your visibility on these platforms can significantly limit how much information cybercriminals can weaponize against you.

Safeguard documents that have personal information

Important documents like financial records and Social Security numbers can enable identity theft and large-scale financial fraud if they fall into the wrong hands. That’s why it’s crucial to store them securely. Keep physical copies in a safe place, such as a locked file cabinet or a safe deposit box, and store digital versions in encrypted, secure storage. Avoid keeping copies in your email inbox, unencrypted cloud accounts, or on easily lost or stolen devices.

Use privacy-protecting apps and services

These days, you have access to a wide range of solutions designed to enhance your online security and privacy–ranging from private browsers and data removal services to VPNs and password managers. Leverage these tools to protect your data from potential breaches and attacks. 

Keep your devices updated

Even secured and trusted devices may have system vulnerabilities that cybercriminals can exploit. Developers regularly monitor devices for these weaknesses and address them through security patches and software updates. That’s why it’s essential to keep your devices up to date by installing updates as soon as they become available.

Recognize phishing and online scams

Many forms of online scams and phishing allow criminals to trick you into sharing your details with them. It’s crucial to educate yourself about common scam techniques to be able to recognize them and ensure you don’t disclose your sensitive information.

FAQs

What should I do if my information was exposed in the Loan Depot breach?

If you received an official Loan Depot notice of data breach, instantly change your current passwords for strong and unique ones and enable multi-factor authentication. Also, set fraud alerts, place credit freezes with three major credit bureaus, and check your financial reports for unauthorized activity.

How do I know if my financial data is at risk?

Remember that no one is 100% safe, and even leading financial institutions can be targeted, and the sensitive data they store can be compromised. To find out if your data has been breached, watch for official breach notifications from your financial institution via email or mail. Additionally, regularly review your statements for any unusual or unauthorized activity. 

Can I remove my personal information from the internet?

Yes, you can remove much of your personal information from the internet, but it requires a multi-step approach.

Start by deleting anything you’ve shared yourself, such as posts on social media, blogs, or public websites. If others have published information about you, you’ll need to contact the site administrators or webmasters and request that they take it down.

Next, focus on removing your data from data brokers and people-search websites, which collect and publish personal details for profit. Fortunately, data brokers are legally required to remove your information upon request, so the process is doable but may take time and persistence. The main challenge is the volume of sites and the number of individual opt-out requests you’ll need to make.

The good news is that once your data is removed from these platforms, it will also disappear from search engine results like Google. You can complete the removals manually or use a data removal service like Onerep, which scans over 210 people-search websites, automatically identifies where your personal information is published, removes it, and continuously monitors to ensure it doesn’t resurface.