Online mortgage lender loanDepot has agreed to a $25 million settlement over a 2024 data breach that leaked the sensitive information of 16.9 million customers. The breach, occurring between January 3-5, 2024, exposed names, addresses, financial account numbers, social security numbers, and more. The plaintiffs of the class action lawsuit allege that loanDepot failed to establish sufficient cybersecurity measures and train employees properly, which could have prevented the breach. As part of the settlement, affected individuals who received a data breach notice from loanDepot are entitled to a cash payment that varies based on their participation rate. Californian residents may receive additional payments under the California Consumer Privacy Act. The settlement also includes provisions for class members who incurred out-of-pocket expenses due to the breach, with reimbursements of up to $5,000 covering a wide range of loss-related costs. In addition to the financial settlement, all class members are eligible for two years of free credit monitoring or identity theft protection services. loanDepot, while not admitting any wrongdoing, has committed to enhancing its security measures to better protect consumer and employee information. Proposed enhancements include improved data management, increased cloud security, and better threat detection capabilities, valued at around $9.34 million. This lawsuit highlights the growing importance and cost of data security in the digital age, especially within industries handling sensitive customer information.