lockbit2 attacks LakeView

Incident Date:

February 27, 2022

World map



lockbit2 attacks LakeView






Chicago, USA

Texas, USA

First Reported

February 27, 2022

Lakeview Loan Servicing Faces Ransomware Attack

Company Overview

Lakeview Loan Servicing, a prominent entity in the mortgage loan servicing sector, holds a 4.6% market share of all agency loans, with a portfolio amounting to $374.8 billion in total unpaid principal. Despite its substantial market presence, the company has been under scrutiny for its management of a data breach in late 2021, which compromised the personal information of thousands of its customers, raising concerns over identity theft and fraud.

Vulnerabilities and Impact

The ransomware attack orchestrated by the Lockbit2 group has significantly disrupted Lakeview Loan Servicing's operations. The assault led to the shutdown of the company's website and telephone services, impacting its mortgage payment processing capabilities and leaving customers in a state of uncertainty regarding their financial commitments. This incident, coupled with a preceding data breach, underscores the company's challenges in safeguarding customer data against potential identity theft and fraud, highlighting exposed vulnerabilities in its cybersecurity measures.

Response and Mitigation

Fidelity National Financial, the parent entity of Lakeview Loan Servicing, has acknowledged the containment of the cyberattack. Nonetheless, the full scope of the damage and the company's comprehensive response strategy remain undisclosed. Post-attack critiques have focused on Lakeview Loan Servicing's data breach management and its inadequate data encryption and system protection measures, which failed to prevent unauthorized access to sensitive customer information.

The ransomware attack on Lakeview Loan Servicing underscores the persistent cybersecurity challenges within the mortgage loan servicing industry, emphasizing the importance of robust data protection practices and operational resilience against cyber threats. The industry will closely monitor the company's recovery efforts and its strategies to mitigate the impact on its customers and restore trust.


  • Lakeview: Fourth Largest Mortgage Loan Servicer in the U.S.
  • Lakeview Loan Servicing Faces Multiple Lawsuits Over Data Breach
  • Lakeview/Loancare Website Down?
  • Ransomware 'catastrophe' at Fidelity National Financial causes panic
  • Mr. Cooper (Lakeview) mortgage confirms cyber security incident
  • After a week-long outage, Fidelity National Financial confirms cyberattack is now contained

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.