What happened during the cybersecurity breach at Mr. Cooper?

Mr. Cooper experienced a cybersecurity breach on October 31 that led to a significant system outage, impacting their IT infrastructure and online payment portal.

Were Mr. Cooper's customers able to access the website for payments after the attack?

Customers were unable to access Mr. Cooper's website to make mortgage or loan payments following the cyberattack and were notified of the technical outage through the company's website and communications.

Will customers of Mr. Cooper face any fees or penalties due to the outage?

Mr. Cooper has assured customers that they will not incur any fees, penalties, or negative credit reporting due to payment issues caused by the incident.

Has customer data been compromised in the Mr. Cooper cybersecurity breach?

Mr. Cooper is currently investigating whether customer data was compromised but has stated they do not expect the cybersecurity incident to have a material adverse impact on their business or financial outcomes.

What should Mr. Cooper's customers do in the wake of the cyberattack?

Customers are advised to be cautious, especially regarding phishing attempts and identity theft, as there may be a risk to personal and financial information.

Could the cybersecurity breach at Mr. Cooper be a ransomware attack?

The specific nature of the attack has not been confirmed as ransomware, but the patterns observed suggest it could be, which raises concerns about the potential for data theft and leverage for a ransom demand.

Incident

Mortgage giant Mr. Cooper reports cyberattack as cause for outage, data breach of 14M

Q: What actions did Mr. Cooper take following the cyberattack?

Following the cyberattack, Mr. Cooper initiated immediate lockdown protocols to secure data and systems, and began the process of system restoration.

published: Nov. 2, 2023

Learn More

The mortgage lending and servicing company Mr. Cooper has acknowledged a cybersecurity breach that led to a significant system outage, affecting their IT infrastructure and online payment portal. Mr. Cooper, headquartered in Dallas, Texas, is a prominent entity in the U.S. mortgage sector, servicing loans amounting to $937 billion for over 4.1 million customers.

The incident, which occurred on October 31, prompted the company to initiate immediate lockdown protocols to secure data and systems.

Following the cyberattack, customers were unable to access the website to make mortgage or loan payments and were informed of a technical outage via the company's website and customer communications.

Mr. Cooper has assured customers that they will not face any fees, penalties, or negative credit reporting due to payment issues caused by the incident. Despite the ongoing investigation into whether customer data was compromised, the company has stated that they do not expect the cybersecurity incident to have a material adverse impact on their business or financial outcomes.

The company has begun the process of system restoration and is actively working to bring services back online.

While the nature of the attack has not been explicitly confirmed as ransomware, the patterns suggest it could be, raising concerns about data theft and potential leverage for a ransom demand.

Customers are advised to be cautious, especially regarding phishing attempts and identity theft, as personal and financial information may be at risk.

Update - Mr. Cooper is offering customers alternate ways of paying off loans after a cyberattack on October 31. In updated instructions on Monday, the company provided customers with several different ways they can make payments, including by phone, mail service, Western Union and MoneyGram.

As of 10th of November Mr. Cooper informs customers that they believe customer data was exposed during the attack, but no details are provided.

As of 17th of December Mr. Cooper confirms that hackers accessed sensitive personal data of over 14.6 million customers of Mr. Cooper, including:

names,
addresses,
dates of birth,
phone numbers,
Social Security numbers,
bank account details.

Mr. Cooper estimates the incident's cost at a minimum of $25 million, significantly higher than earlier projections, to cover identity protection services for affected individuals.

Mortgage giant Mr. Cooper reports cyberattack as cause for outage, data breach of 14M

Read More
Banner Capital Bank Discloses Data Breach Following Employee …
Edw. C. Levy Co. reports ransomware attack, data …
Texas orthopedic clinic Beaumont Bone & Joint Institute …
SGI Seoul Guarantee hit by cyberattack, suspects ransomware
Hessen Consumer Center hit by ransomware attack