Class Actions Lawsuits
Data Breach

NPE / LoanDepot Mortgage Lender Data Breach Class Action

Data Breach class action lawsuit

Case Overview

In January 2024, loanDepot — one of the largest non-bank mortgage lenders in the United States — suffered a devastating ransomware cyberattack that crippled its IT systems and exposed the personal and financial data of approximately 16.9 million customers. The compromised data included full names, addresses, Social Security numbers, dates of birth, financial account numbers, and mortgage loan information. Following the breach, loanDepot was forced to take its systems offline, causing widespread disruption to loan origination and payment processing for millions of customers. Multiple class action lawsuits were quickly filed and subsequently consolidated in the Central District of California.

Plaintiffs allege that loanDepot failed to implement adequate cybersecurity measures despite being a high-value target holding extraordinarily sensitive consumer financial data, and that the company was negligent in its data protection obligations under various state and federal laws. The complaint asserts claims of negligence, breach of implied contract, unjust enrichment, and violations of California's Consumer Privacy Act (CCPA) and other state data protection statutes. As of 2025, the consolidated litigation is in active discovery, with plaintiffs pursuing class certification. The case is being closely watched as one of the largest financial-sector data breaches in recent years.

Who May Qualify

Current or former loanDepot customers whose personal or financial information was compromised in the January 2024 data breach, including individuals who received a breach notification letter from loanDepot.

Frequently Asked Questions

Was I affected by the loanDepot data breach?

If you are a current or former loanDepot customer, your data may have been exposed. loanDepot notified approximately 16.9 million affected individuals by mail. If you received a notification letter or applied for a mortgage with loanDepot, you are likely among those affected.

What information was stolen in the loanDepot cyberattack?

The breach exposed a wide range of sensitive data including full names, Social Security numbers, dates of birth, physical addresses, financial account numbers, and mortgage loan details. This type of data can be used for identity theft and financial fraud.

Can I sue loanDepot for the data breach?

Yes, a consolidated class action is currently pending in federal court in California on behalf of affected customers. You may be eligible to participate as a class member if your data was compromised in the January 2024 breach.