Mortgage lender Mr. Cooper admits personal data of millions stolen in October cyberattack

Anitra Johnson, Delaware News Journal
Updated ·2 min read

One of the country's largest mortgage servicers, Mr. Cooper confirmed in an SEC filing that it was the target of a cybersecurity attack resulting in the theft of personal information belonging to applicants and customers.

On Nov. 2, Mr. Cooper, previously known as Nationstar, revealed that it had been hacked by cybercriminals on Oct. 31. In response, the lender blocked access to their systems. Customers were unable to log into their accounts. Mr. Cooper now admits that the breach resulted in the theft of sensitive information belonging to nearly 15 million current and former customers and applicants.

Who was impacted?

In a notice to the Maine Attorney General, the company included a letter addressed to the 14.7 million impacted consumers. In the letter, it explained that, beyond Mr. Cooper's customers, the personally identifiable information was stolen from a wide range of consumers, including:

  • Those who had a mortgage that was acquired or serviced by Nationstar Mortgage LLC or Centex Home Equity.

  • Those who had a mortgage that is or was serviced by a sister brand.

  • Those who have a mortgage from a company whose service partner is or was Mr. Cooper.

  • Those who applied for a home loan.

What type of personal data was stolen?

The letter details that along with names, addresses and phone numbers, stolen personal information included:

  • Social Security numbers.

  • Dates of birth.

  • Bank account numbers.

In the SEC statement, the Texas-based mortgage servicer advised it was amending its report to include $25 million to cover the cost of providing identity protection services for two years. Acknowledging the increased risk of affected individuals being targeted by phishing scams, fraud and identity theft, the financial services company said it will provide them with free credit monitoring of a single credit bureau for 24 months.

A class-action lawsuit filed against Mr. Cooper

A class-action lawsuit has been filed in response to the Oct. 31 data breach. Filed in Texas on Nov. 6, the 43-page lawsuit alleges that Mr. Cooper was negligent in safeguarding personally identifiable information stored on its servers. Among its claims, it contends that the defendant failed to employ recommended data security procedures and practices to protect its systems.

The suit is open to representing all individuals in the United States whose private information was exposed to unauthorized third parties as a result of the breach discovered by Mr. Cooper.

DELAWARE IS GROWING: First State has 6th biggest per capita population bump in US

PREVIOUS: Mortgage lender Mr. Cooper discloses cybersecurity breach and blocks access to systems

Contact reporter Anitra Johnson at ajohnson@delawareonline.com. Join her on the Facebook group Delaware Voices Uplifted. Support her work and become a subscriber.

This article originally appeared on Delaware News Journal: Mortgage company Mr. Cooper admits it was hacked