U.S. mortgage lender LoanDepot Inc. is the latest company to be hit by a cyberattack that affected internal systems and caused disruption for customers.

The attack reportedly occurred over the weekend, with the company officially disclosing the attack in an 8-K filing with the U.S. Securities and Exchange Commission. In the filing, LoanDepot describes the attack as a “cybersecurity incident affecting certain of the company’s systems.”

LoanDepot said that upon detecting unauthorized activity, it promptly took steps to contain and respond to the incident, ticking off a typical incident response list: launching an investigation, hiring third-party cybersecurity experts and notifying applicable regulators and law enforcement.

“Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data,” LoanDepot wrote. “In response, the Company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”

“The company will continue to assess the impact of the incident and whether the incident may have a material impact on the company,” the company added.

Although it didn’t disclose the form of attack, a hint came where it mentioned “the encryption of data.” If data was encrypted in the attack, that makes the attack almost certainly ransomware.

No ransomware gang has yet claimed responsibility for the attack, but that may well change in the coming days. Depending on the ransomware gang behind the attack, the attack is likely to have involved the theft of data in a so-called double tap ransomware attack: Encrypting and stealing data has been the most common form of ransomware attack over the last year.

If data has been stolen, it will be a potential treasure trove of data, including personally identifiable information. As of April last year, the company was the third-largest mortgage lender in the U.S., providing mortgages to millions of customers.

The timing of the attack also has potential legal ramifications, given new disclosure regulations that came into force last month.

“Given that LoanDepot is publicly traded, this could be one of the first companies to understand the impact of the new SEC requirements that went into effect last month,” Piyush Pandey, chief executive at application security company Pathlock Inc., told SiliconANGLE. “It is interesting that the company is still trying to determine whether the incident is ‘material’ or not.”

The SEC requirements might apply given that it’s a public company, Pandey added. “However, the challenge is whether this is a ‘material’ incident based on the SEC definition,” he said. “If so, they will have to disclose this in their next 8K report and document their security processes in their 10K at the end of the year.”

Image: LoanDepot