Mr. Cooper, Mortgage Lending Giant, Faces Disruptions During Cyberattack
Table of Contents
- By Steven
- Nov 06, 2023
Mr. Cooper provides over 4 million people with mortgage lending options. They are the nation’s most prominent leading estate loan servicer, with over $900 billion in active service. The loan servicing giant recently experienced a technical outage; the culprit may have been a cybersecurity attack, potentially exposing the sensitive information of thousands.
How Did the Attack Occur?
According to the incident notice posted on Mr. Cooper, the cybersecurity attack caused some service disruptions on October 31st, 2023. During the disruptions, homeowners could not access their accounts, which prompted an internal investigation. As the investigation is ongoing, there is little public knowledge about the event. Mr. Copper describes the attack as an “incident” where an unauthorized party gained access to specific technology systems. Speculation leads us to believe the attack happened thanks to hacking abilities by the bad actors rather than individual error. Other resources believe the attack may have been part of a ransomware attack on Mr. Cooper.
What Information Was Viewed or Stolen?
If the unauthorized party accessed information during the attack, what type it could have been is unknown. Mr. Cooper’s incident notice lists “certain technology systems” as being influenced, nothing else; subsequently, it’s impossible to know what the assailants may have seen, taken, or disrupted. They may have gotten access to Mr. Cooper’s internal network maps, which would put vendors and third parties at risk. Alternatively, the hackers could have been targeting borrower details; if they did, it could put anyone with a relationship with Mr. Cooper at risk for information misuse.
How Did Mr. Cooper Admit to the Breach?
Homeowners felt the disruptions first, as they could not access their accounts to make payments, which occurred on October 31st. Shortly after detecting the incident, Mr. Cooper initiated response protocols, which included shutting down some systems to isolate the threat. A day later, on November 1st, they posted a warning on their website and subsequently caught the attention of the news. On November 2nd, they posted their cybersecurity incident notice, confirming the attack happened but lacking details.
What Will Become of the Stolen Information?
It is challenging to speculate what may occur with the stolen information; since nothing is public about the attacker, their motivations, or even the impacted system areas, anything could happen. If the ransomware theory is correct, the attackers may have harvested borrower or system information to leverage it; in an exemplary scenario, this could be an easy payday for the hackers. Simultaneously, if the target was borrower credentials, the unauthorized party may use those details to commit various fraudulent crimes. The only thing known is that those with relationships with Mr. Cooper must take preventative actions quickly.
What Should Affected Parties Do in the Aftermath of the Breach?
Whether one of the 9,000 Mr. Cooper employees or one of the millions of borrowers, your information may be at risk. Mr. Cooper’s notice states that the ongoing investigation will include a notice to potentially impacted parties; the same section also mentions the implementation of protection services. Given the potentially catastrophic consequences of the breach, all parties must strongly consider preventative measures. Start with updating old accounts with new, strong passwords and enabling multi-factor authentications. After that, consider credit monitoring services. Professionals can watch for suspicious activity within your financial accounts and around your identity. Don’t wait for the notice to take action.