Mortgage and loan giant Mr. Cooper became the victim of a cyberattack, putting the personal information of at least 14 million consumers at risk.
On Oct. 31, the Dallas-based servicer and lenders said it experienced a cyberattack from an unauthorized third party. The company said it noticed "suspicious activity" in certain network systems, according to a new filing with Maine's attorney general's office.
"Our forensic review, engagement with law enforcement and regulators, and defense of litigation is ongoing," the company said. "Additionally, our forensic review has determined that personal information relating to substantially all of our current and former customers was obtained from our systems during this incident."
In the filing, Mr. Cooper said the hackers stole the names, home addresses, dates of birth, phone numbers, Social Security numbers, and bank account numbers of customers.
Who Are Affected by the Breach?
It also estimated that more than 14 million customers could be affected by the data breach, particularly those whose mortgage was previously acquired or serviced by the company when it was still known as Nationstar Mortgage. The data breach could also affect customers serviced by a sister brand.
Mr. Cooper said it is monitoring the dark web and noted that it has yet to see any evidence that the data acquired by hackers during the breach has been "further shared, published, or otherwise misused." The company also said it is updating its systems to ensure the data breach will no longer happen.
"We take our role as a mortgage company very seriously, and there is nothing more important to us than maintaining our customers' trust. I want you to know how sorry I am for any concern or frustration this may have caused. Making the homeownership journey as smooth as possible is our top priority, and we intend to make this right for our customers," Jay Bray, Chairman and CEO of the Mr. Cooper Group, said.
Following the announcement of the data breach, Mr. Cooper became the target of at least four consumer class-action lawsuits where defendants argued that the company "failed to comply with industry standards to protect information in its systems," per the Housing Wire.