Ellie Mae, the mortgage technology vendor, confirmed late Tuesday that its recent outages, which have forced lenders to delay loan closings, resulted from a flood of service requests "characteristic of a distributed denial of service" attack.
The Pleasanton, Calif., company said it found no evidence of a data breach and that borrowers' personal data "remain secure." Ellie Mae "has taken actions to isolate the suspicious activity and prevent future unwarranted access," and continues to work on restoring full service for users of Encompass, its loan origination system.
As reported earlier, loan closings delayed by the attack have forced lenders to pay for rate lock extensions and hedging losses. Home closings funded by purchase mortgages have been delayed, presumably inconveniencing consumers who need to move house.
"We recognize the critical role our services play in enabling our clients to serve their customers and deeply regret the inconvenience and delays they are experiencing," Sig Anderman, Ellie Mae's founder and chief executive, said in a press release.
The company said it has hired "third party forensic specialists to collect evidence to determine appropriate steps with authorities."
Worldwide DDoS attacks remained at an all-time high during the fourth quarter of 2013, including some of the largest attacks ever seen, according to a report issued in January by the technology provider Prolexis. Financial services companies, including banks, are frequent victims of such attacks, in which malicious parties overwhelm a company's servers with communications requests so it cannot adequately respond to legitimate users.