October cyberattack leaked data of 14.7 million people, mortgage giant Mr. Cooper says

One of the largest mortgage loan servicers in the U.S. said the information of nearly 14.7 million people was leaked during a previously reported cyberattack in October.

Mr. Cooper — which says it has more than 4.3 million customers and manages a servicing portfolio of $937 billion — filed breach notification documents with regulators in Maine and California on Friday.

“Through our investigation, we determined that there was unauthorized access to certain of our systems between October 30, 2023 and November 1, 2023. During this period, we identified that files containing personal information were obtained by an unauthorized party,” the company said.

“The personal information in the impacted files included your name, address, phone number, Social Security number, date of birth, bank account number.”

The data accessed may have been from:

• Anyone whose mortgage was acquired or serviced by Nationstar Mortgage or Centex Home Equity.
• Anyone whose mortgage is or was serviced by a sister brand of Mr. Cooper.
• Anyone who Mr. Cooper may be or previously was the servicing partner of your mortgage company.
• If you previously applied for a home loan with Mr. Cooper.

The company said it contacted law enforcement and hired cybersecurity experts after discovering “suspicious activity in certain network systems.”

The company did not say if it was a ransomware attack, nor did it respond to requests for comment. The company has not shown up on any ransomware leak sites. Officials noted that they “made the decision to shut down our systems to contain the incident and in an effort to protect our customers’ information.”

They are monitoring the dark web and have not seen evidence that the data stolen from their platforms has been shared or published. Victims are offered two years of credit monitoring protections and a call line was created for this with questions.

In total, 14,690,284 million people were affected. The Texas-based mortgage giant was forced to offer customers alternate ways of paying off loans after the cyberattack on October 31.

The company is the largest nonbank mortgage servicer in the U.S, providing servicing and originations for homeowners throughout the country. In November, customers attempting to log in to Mr. Cooper's website to pay their mortgages or loans were instead greeted with a message stating that the company was suffering a technical outage.

The company later reported that a cyberattack severely affected its systems, waiving late fees and other penalties associated with late payments.

The attack came one week after the Federal Trade Commission raised concerns about cyberattacks on non-bank financial institutions and approved a new rule that will make it mandatory for them to report data breaches and security events within 30 days.

Ransomware gangs have repeatedly targeted pain points in the financial industry throughout 2023.

Fidelity National Financial — a Fortune 500 provider of title insurance for property sales — was hit with ransomware last month, snarling home purchases across the U.S. for days. Financial services giants like MeridianLink, Tipalti and Moneris have all reported incidents this fall. One of the world’s largest banks, ICBC, also announced a ransomware attack last month.