One of the largest mortgage and loan companies in the United States, Mr. Cooper, recently experienced a severe data breach that exposed sensitive personal information of a vast number of both current and former customers. According to filings submitted to state and federal regulators, the breach compromised an alarming amount of data, including names, addresses, phone numbers, Social Security numbers, and bank account details.
The incident came to light after the company detected "suspicious activity" within certain segments of its network systems on October 31, 2023, as reported in federal filings. Mr. Cooper further described the breach's scope in a statement: "Our forensic review, engagement with law enforcement and regulators, and defense of litigation is ongoing. Additionally, our forensic review has determined that personal information relating to substantially all of our current and former customers was obtained from our systems during this incident."
It is estimated that more than 14 million customers may have been affected by this cyberattack, making it one of the most significant data breaches in recent memory. The breach prompted Mr. Cooper to swiftly shut down its systems, a precautionary measure aimed at containing the incident and safeguarding customer data.
"Our investigation revealed unauthorized access to certain systems between October 30, 2023, and November 1, 2023," the filing with the Maine Attorney General's Office stated. "During this period, we identified that files containing personal information were obtained by an unauthorized party."
While Mr. Cooper asserts that it is closely monitoring the dark web for any signs of further data dissemination, it has not yet identified any evidence of the stolen data being shared, published, or misused.
Jay Bray, Chairman and CEO of Mr. Cooper Group, expressed his apologies and commitment to rectify the situation: "We take our role as a mortgage company very seriously, and there is nothing more important to us than maintaining our customers' trust. I want you to know how sorry I am for any concern or frustration this may have caused. Making the homeownership journey as smooth as possible is our top priority, and we intend to make this right for our customers."
Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, offered an outside expert's perspective: "Just weeks after the FTC mandated 30-day breach reporting for non-banking financial institutions, Mr. Cooper was hit by this cyberattack, serving as a stark reminder of the vulnerability of these institutions to cybercrime and the urgency of cybersecurity measures in this sector.
"The banking and financial services industry remains a top target for cyberattacks. For organizations like Mr. Cooper, with millions of customers, a single breach can have devastating consequences. To stay ahead, a proactive threat-informed cyber defense strategy is crucial. By studying the common tactics, techniques, and procedures (TTPs) used by threat actors, organizations can test their systems and align their security defenses against these simulated attacks. Through continuous testing, you can evaluate any weaknesses in your defenses before threat actors do, eliminating potential blind spots."