In a fortuitous reversal for Ellie Mae, the company announced that a previously reported outage stemming from a presumed cyber-attack was in fact "triggered by a confluence of factors involving network, hardware, software and demand for service."
The company previously reported that the outage was similar to a distributed denial of service (DDoS) attack, where an unknown third-party would send multiple requests to a specific URL in an attempt to overwhelm servers. The company hypothesized that a cyber-attack could have occurred from, specifically from someone with knowledge of the mortgage industry
Late Monday, the company issued a press release noting that there in fact had been no attack on its system. A company press release said, "[F]ollowing a thorough review of the incident, with assistance from a leading security and cybercrime forensics firm, Ellie Mae has now concluded that there was no malicious attack on its systems."
Furthermore, the company commented that there was no breach of client or personal borrower data. Additionally, Ellie Mae noted that it has already taken steps to prevent outages in the future, including adding capacity and redistributing traffic across all of its data centers, according to the company's press release.
Sig Anderman, CEO and founder of Ellie Mae, said, "We are pleased to confirm there was no breach of client or borrower data. We sincerely apologize to our clients and any affected borrowers for the unavailability of Encompass services during the outage, and thank them for their patience and understanding as we worked to bring the system back to normal functioning levels."
Anderman added, "We are focused on continuing to enhance our systems to deliver the functionality, reliability and scalability our clients need to run their businesses, remain compliant and originate high quality loans efficiently."
A media contact for Ellie Mae declined to comment further, referring back to the company's press release.