Major US mortgage lender Mr. Cooper has revealed that a recent data breach exposed the sensitive details of millions of individuals, some of whom had only applied for a loan.
Mr. Cooper has contacted millions of individuals, informing them their data may have been compromised in a recent data breach that prompted the company to temporarily shut down its services.
The lender is one of the largest mortgage servicers in the United States, with a portfolio of over $900 billion dispersed over several different brands.
According to Mr. Cooper, impacted individuals encompass customers from several company-controlled brands, such as Nationstar Mortgage, Centex Home Equity, RightPath Servicing, Rushmore Servicing, Greenlight Financial Services, and Champion Mortgage.
Impacted individuals also include people whose mortgage company was serviced by Mr. Cooper and those who had simply applied for a home loan.
The company's note to the Maine Attorney General shows that the attack impacted 14.6 million individuals.
According to Mr. Cooper’s breach notification letter to exposed individuals, attackers breached the company between October 30th, 2023, and November 1st, 2023. The company says it employed cybersecurity experts and contacted law enforcement agencies upon learning about the incident.
“We also made the decision to shut down our systems to contain the incident and in an effort to protect our customers’ information,” reads Mr. Cooper’s letter.
What Mr. Cooper client data was exposed?
The exposed data of clients under the Mr. Cooper umbrella includes:
- Phone numbers
- Social Security numbers (SSNs)
- Dates of birth
- Bank account numbers
While the company says there’s no evidence that any of the stolen data has been misused, losing SSNs poses significant risks, as impersonators can use stolen data in tandem with names and driver’s license numbers for identity theft.
Attackers may also compile data for targeted phishing attacks. With more data points on an individual, attackers have better chances of successfully luring the victim into a web of scams.
“We are monitoring the dark web and have not seen any evidence that the data related to this incident has been further shared, published, or otherwise misused,” Mr. Cooper said.
The company will provide credit monitoring services to affected victims for 24 months.
According to Mr. Cooper’s website, the company has 4.3 million US customers and is the country’s third-largest mortgage servicer. The company’s revenue for 2022 stood at nearly $3 billion, and the company employed over 8,000 staff.
More from Cybernews:
Subscribe to our newsletter