October cyberattack leaked data of 14.7 million people, mortgage giant Mr. Cooper says

Siva Ramakrishnan
One of the largest mortgage loan servicers in the U.S. said the information of nearly 14.7 million people was leaked during a previously reported cyberattack in October.

Mr. Cooper — which says it has more than 4.3 million customers and manages a servicing portfolio of $937 billion — filed breach notification documents with regulators in Maine and California on Friday.

“Through our investigation, we determined that there was unauthorized access to certain of our systems between October 30, 2023 and November 1, 2023. During this period, we identified that files containing personal information were obtained by an unauthorized party,” the company said.

“The personal information in the impacted files included your name, address, phone number, Social Security number, date of birth, bank account number.”

The data accessed may have been from:

Anyone whose mortgage was acquired or serviced by Nationstar Mortgage or Centex Home Equity.
Anyone whose mortgage is or was serviced by a sister brand of Mr. Cooper.
Anyone whose mortgage company has or previously had Mr. Cooper as its servicing partner.
Anyone who previously applied for a home loan with Mr. Cooper.

The company said it contacted law enforcement and hired cybersecurity experts after discovering “suspicious activity in certain network systems.”

The company did not say if it was a ransomware attack, nor did it respond to requests for comment. The company has not shown up on any ransomware leak sites. Officials noted that they “made the decision to shut down our systems to contain the incident and in an effort to protect our customers’ information.”

They are monitoring the dark web and have not seen evidence that the data stolen from their platforms has been shared or published. Victims are being offered two years of credit monitoring protections, and a call line was created for those with questions.

In total, 14,690,284 people were affected. The Texas-based mortgage giant was forced to offer customers alternate ways of paying off loans after the cyberattack on October 31.

The company is the largest nonbank mortgage servicer in the U.S., providing servicing and originations for homeowners throughout the country. In November, customers attempting to log in to Mr. Cooper’s website to pay their mortgages or loans were instead greeted with a message stating that the company was suffering a technical outage.

The company later reported that a cyberattack severely affected its systems, waiving late fees and other penalties associated with late payments.

The attack came one week after the Federal Trade Commission raised concerns about cyberattacks on non-bank financial institutions and approved a new rule that will make it mandatory for them to report data breaches and security events within 30 days.

Ransomware gangs have repeatedly targeted pain points in the financial industry throughout 2023.

Fidelity National Financial — a Fortune 500 provider of title insurance for property sales — was hit with ransomware last month, snarling home purchases across the U.S. for days. Financial services giants like MeridianLink, Tipalti and Moneris have all reported incidents this fall. One of the world’s largest banks, ICBC, also announced a ransomware attack last month.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
