Ellie Mae Confirms No Breach of Data in Recent Outage

Ellie Mae® ELLI, a leading provider of enterprise level, on-demand automated solutions for the residential mortgage industry, today reported its conclusion that the recent outage to its Encompass services was not a result of a malicious attack and confirmed that there was no breach of customer data. The characteristics of the outage initially appeared to the Company to be consistent with a distributed denial of service (DDoS) attack. However, following a thorough review of the incident, with assistance from a leading security and cybercrime forensics firm, Ellie Mae has now concluded that there was no malicious attack on its systems. Accordingly, the Company confirmed there was no breach of client or personal borrower data. The unexpected surge in service requests to web servers that resulted in the outage on March 31, 2014 was triggered by a confluence of factors involving network, hardware, software and demand for service. Ellie Mae has already taken a number of steps in response to this incident, including adding capacity and redistributing traffic across its data centers. The IT infrastructure has been functioning normally since mid-afternoon Pacific Daylight Time on April 1, 2014. Sig Anderman, CEO and founder of Ellie Mae, said, “We are pleased to confirm there was no breach of client or borrower data. We sincerely apologize to our clients and any affected borrowers for the unavailability of Encompass services during the outage, and thank them for their patience and understanding as we worked to bring the system back to normal functioning levels. We are focused on continuing to enhance our systems to deliver the functionality, reliability and scalability our clients need to run their businesses, remain compliant and originate high quality loans efficiently.”