Mr. Cooper breach exposes sensitive info of over 14 million customers

Mortgage company Mr. Cooper has confirmed that personal information of over 14.6 million customers has been exposed in its October 2023 data breach.

The breach

“On October 31, 2023, Mr. Cooper detected suspicious activity in certain network systems,” the company stated in the data breach notice sent out to affected customers.

The company immediately started an investigation, contacted the authorities, shut down its systems, and changed account passwords.

“Through our investigation, we determined that there was unauthorized access to certain of our systems between October 30, 2023 and November 1, 2023. During this period, we identified that files containing personal information were obtained by an unauthorized party,” the company noted.

The attackers accessed the following customer personal information:

• Name
• Address
• Phone number
• Social Security number
• Date of birth
• Bank account number

“We are monitoring the dark web and have not seen any evidence that the data related to this incident has been further shared, published, or otherwise misused,” they said.

The breach could affect everyone whose mortgage has previously been acquired or serviced by Mr. Cooper, Nationstar Mortgage LLC, Centex Home Equity, or by a sister brand. Those who previously applied for a home loan with Mr. Cooper could also be affected.

The company also revealed in a SEC filing that the expenses related to the incident could reach $25 million.

Caution is recommended

With personal data being exposed, customers should be on the lookout for possible phishing and social engineering attacks, and enroll in free identity protection services offered by the company.

“We also encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity,” Mr. Cooper added.