Denial-of-Service Attack Likely Culprit in Ellie Mae Outage
Mortgage technology developer Ellie Mae has suffered a series of outages and service disruptions, likely caused by a denial-of-service attack, that have delayed loan closings and left workers idle at quarter's end, a critical time for lenders.
The attack began as early as Sunday, but caused the most disruption on Monday and Tuesday, according to lender users of the self-hosted and software-as-a-service versions of Ellie Mae's Encompass loan origination system.
"I haven't heard any official confirmation that it was a denial-of-service attack, but all the pieces fit together," says Keith Luedeman, CEO of goodmortgage.com, a self-hosted Encompass user. "Most of the services are intermittent; sometimes they're completely unavailable, which happens when a denial-of-service attack spikes, and then they become intermittent as you kind of get through it. That just fits with a denial-of-service."
Loan closings delayed by the attack have forced lenders to pay for rate lock extensions and hedging losses, while home closings funded by purchase mortgages have also been delayed.
The attack has affected the LOS itself, as well as the Ellie Mae Network, a communication medium and delivery channel for third-party underwriting services like document preparation, income and employment verification, and credit checks.
Jonathan Corr, Ellie Mae's president and chief operating officer, notified lenders of the outage in an email.
"As you are probably aware, Ellie Mae is experiencing an issue with Encompass that is affecting a number of our clients. This is resulting in delays in processing loans, or in some cases, the inability for some of our clients to close loans," he wrote. "Ellie Mae realizes the impact that this may have on your business, particularly considering that today is month and quarter end. We sincerely apologize to you, your partners, and your clients for the delays."
Through a spokesperson, Ellie Mae declined to comment.
Lenders using the SaaS version of Encompass have been unable to access Ellie Mae's servers. And even though self-hosted users store the software and their data on their own servers, the technology must still connect with Ellie Mae's servers for authentication and to access the Ellie Mae Network.
"We're not having a data access issue because we are self-hosted; the problem is that we're not getting access to the services in the Ellie Mae Network," Luedeman says. "I don’t think anything is broken because of an upgrade or a change, but that's just my opinion based on what I've seen."
Loans at all stages of the underwriting process are affected because lenders access most underwriting services through the Ellie Mae Network. And many of these services, including document preparation, compliance reviews and Internal Revenue Service 4506-T verification requests, are also provided by Ellie Mae.
To work around these issues, third-party vendors are helping lenders access their technology outside of their integration with Ellie Mae.
"We knew there was a problem because we got a tenfold increase from Ellie Mae customers requesting docs through our Web portal instead of through Ellie Mae's integration," says Tim Anderson, director of eServices at doc prep technology provider DocMagic.
Rather than accessing the vendor's service from within the LOS, lenders are exporting files from Encompass and using DocMagic's browser-based interface to manually upload the data needed to generate document packages. "They're just coming in through a different front door," Anderson explains.
The apparent denial-of-service attack comes after Ellie Mae was affected by a series of outages in February. In that case, an Internet service provider disruption was the culprit of various connectivity issues that prevented access to the technology.
UPDATE (7:53PM) Ellie Mae has confirmed that a denial-of-service attack caused the outages.