Ellie Mae Says No Evidence of Malicious Attack, No Breach of Data in Recent Outage

April 17, 2014

Ellie Mae, a loan origination system provider reported that the recent outage to its Encompass services was not a result of a malicious attack and confirmed that there was no breach of customer data.

The characteristics of the outage initially appeared to the Company to be consistent with a distributed denial of service (DDoS) attack. ( Malicious Attack on Loan Origination Software Provider Stalls Closings )

However, following a thorough review of the incident, with assistance from a security and cybercrime forensics firm, Ellie Mae concluded that there was no malicious attack on its systems. Accordingly, the company confirmed there was no breach of client or personal borrower data. The unexpected surge in service requests to web servers that resulted in the outage on March 31 was triggered by a confluence of factors involving network, hardware, software and demand for service.

Ellie Mae said it has already taken a number of steps in response to this incident, including adding capacity and redistributing traffic across its data centers. The IT infrastructure has been functioning normally since mid-afternoon Pacific Daylight Time on April 1.

“We sincerely apologize to our clients and any affected borrowers for the unavailability of Encompass services during the outage, and thank them for their patience and understanding as we worked to bring the system back to normal functioning levels,” said Sig Anderman, CEO and founder of Ellie Mae. “We are focused on continuing to enhance our systems to deliver the functionality, reliability and scalability our clients need to run their businesses, remain compliant and originate high-quality loans efficiently."

Contact ALTA at 202-296-3671 or communications@alta.org.