Hackers have successfully breached the security of Mr. Cooper, a prominent mortgage and loan company, stealing sensitive personal information from more than 14.6 million customers. Confirmation of this cyberattack was made through a filing with the attorney general’s office in Maine, in which Mr. Cooper disclosed that customer names, addresses, dates of birth, phone numbers, Social Security numbers, and bank account numbers were among the stolen data. This announcement follows earlier claims by Mr. Cooper that customer banking information stored by a third-party company was not affected.
A separate filing with federal regulators on Friday revealed that the hackers gained access to personal data of “substantially all” current and former Mr. Cooper customers. This number far exceeds the four million existing customers listed on the company’s website, likely due to the historical data that Mr. Cooper retains on mortgage holders. The breached data also includes personal information of those whose mortgages were previously serviced by the company when it was known as Nationstar Mortgage, prior to its rebranding as Mr. Cooper. In addition, customers of sister brands may also be affected.
On October 31, the day of the breach, Mr. Cooper initially notified customers that their systems were offline due to an outage. However, it was later revealed that this was related to a cybersecurity incident. Many customers reported being unable to access their accounts or make mortgage payments during this time.
The specific type of cyberattack that affected Mr. Cooper’s systems has not been disclosed, and the company has not provided any further information or comments when reached for clarification. It is also unknown if the hackers made any demands to the company.
According to a regulatory filing, Mr. Cooper expects the cyberattack to cost the company at least $25 million, an increase from their initial estimate of $5 to 10 million. This is mainly due to the cost of providing identity protection to current and former customers for a two-year period.
If you have any information about the cyberattack at Mr. Cooper, you can contact Zack Whittaker at firstname.lastname@example.org. TechCrunch also accepts files and documents through their SecureDrop.