Mr. Cooper, a mortgage and lending company, confirmed a massive data breach that affected over 14.6 million consumers when it informed the Maine Attorney General of the theft of client data, including names, addresses, dates of birth, phone numbers, Social Security numbers, and bank account information.
Mr. Cooper said that third-party banking information was untouched by the cybersecurity attack. However, a Friday filing with federal authorities said that the hack affected "substantially all" current and past consumers' confidential data, TechCrunch reported.
The number of affected individuals far exceeds the company's stated four million existing customers on its website. Mr. Cooper's historical data on mortgage holders is to blame for this discrepancy.
In this photo illustration, a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021, in Berlin, Germany.
What Happened?
A data breach notification letter informed the victims of the breach that the compromised data included personal information about people whose mortgages Mr. Cooper had previously acquired or serviced when it operated under the name Nationstar Mortgage. The company acknowledged the possibility that affected customers could also include those whose mortgages were serviced by a sister brand.
The breach initially came to light on October 31, when Mr. Cooper informed customers of systems being offline due to an outage. Subsequent investigations revealed that the outage was linked to a cybersecurity incident, rendering customers unable to access their accounts or make mortgage payments.
Mr. Cooper has not yet provided details about the hackers' demands or the cyberattack that caused the leak. The firm now estimates the cyberattack cost at least $25 million, up from $5 to $10 million. The higher fee is due to two years of identity protection services for current and previous clients.
Read Also: OpenAI's Superalignment Team Tackles the Challenge of Controlling Superintelligent AI
On November 12, Mr. Cooper acknowledged that ongoing investigations revealed the exposure of certain customer data, as reported by SecurityWeek. While the specific details of the compromised information remain undisclosed, the company plans to notify affected customers and offer complimentary credit monitoring services.
Customers Advised to be Vigilant
Customers are advised to monitor financial accounts and credit reports for suspicious activities, update passwords regularly, and avoid using the same password across multiple accounts.
Despite the breach, Mr. Cooper assures customers that loan terms, rates, and fees will remain unaffected. The company commits to not imposing late fees or penalties resulting from the cyber incident.
Formerly known as Nationstar Mortgage LLC, Mr. Cooper is headquartered in Dallas, Texas, managing loans totaling $937 billion with a customer base of 4.1 million, according to Q3 2023 results reported in October, per BleepingComputer.
Also that month, the US unit of the Industrial & Commercial Bank of China (ICBC), the world's largest bank, faced a ransomware attack, prompting it to trade via a UBS stick. The cyber incident disrupted trades in the US Treasury market, Euronews reported.
ICBC Financial Services, the bank's US unit, reported a ransomware attack that affected some systems, leading to the disconnection of impacted parts to mitigate the attack's impact.
Related Article: Iterate.ai Unveils Free AI Security System to Combat School Shootings
