Mortgage and loan giant Mr. Cooper blames cyberattack for ongoing outage

Hackers stole the sensitive personal information of more than 14.6 million Mr. Cooper customers, the mortgage and loan giant has confirmed.

In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of birth and phone numbers, as well as customer Social Security numbers and bank account numbers. Mr. Cooper previously said that customer banking information was stored by a third-party company and believed to be unaffected.

Mr. Cooper said in a separate filing with federal regulators on Friday that hackers obtained personal data on “substantially all of our current and former customers.”

The number of affected victims is significantly higher than the four million existing customers that Mr. Cooper claims on its website, likely because of the historical data that the company stores on mortgage holders.

Mr. Cooper said in its data breach notification letter to affected victims that the stolen data includes personal information on those whose mortgage was previously acquired or serviced by the company when it was known as Nationstar Mortgage, prior to its rebranding as Mr. Cooper. The company said affected customers may include those whose mortgages were serviced by a sister brand.

Mr. Cooper initially told customers on October 31 — the day of the breach — that its systems were offline due to an outage, which it later admitted was related to a cybersecurity incident. Customers told TechCrunch that they were unable to access their accounts or make mortgage payments.

The loan and mortgage giant has not said what kind of cyberattack hit its systems, and the company repeatedly declined to answer TechCrunch’s questions when reached for comment or say if the company received any demands from the hackers.

Mr. Cooper said in its regulatory filing that the cyberattack will cost the company at least $25 million, up from an estimated $5 to 10 million, largely due to paying for identity protection to its current and former customers for two years.

Do you work at Mr. Cooper and know more about the cyberattack? You can contact Zack Whittaker by email at You also can share files and documents with TechCrunch via our SecureDrop.

Source link