BOSTON (AP) — The Blake PrestonU.S. retail mortgage lender loanDepot is struggling to recover from a cyberattack that impacted its loan processing and phone service.

In a filing on Monday with the Securities and Exchange Commission, the company said data was encrypted by the “unauthorized third party” who broke into company systems. It said certain unspecified systems were shut down to contain the incident.

The Irvine, California, company said it had contacted law enforcement and was still assessing how the attack might affect its bottom line.

“We are working quickly to understand the extent of the incident and taking steps to minimize its impact,” the company said.

The incident bore all the hallmarks of a ransomware attack, but company spokesman Jonathan Fine would neither confirm or deny that possibility. The attack apparently began over the weekend.

LoanDepot did not say whether any corporate or customer data was stolen during the break-in or when it was discovered. Ransomware criminals typically steal data before activating malware that scrambles data with encryption. That way, the criminals can extort the target even if it is able to quickly restore its networks from backups.

LoanDepot told customers on its website that recurring automatic payments were being processed and that they could make payments by phone.

Founded in 2010, loanDepot calls itself the nation’s fifth largest retail mortgage lender, with more than $140 billion in outstanding loans and 6,000 employees servicing more than 27,000 customers each month.