Cyber Incident Victim: Mr. Cooper
Date:
Oct 2023
Location:
United States of America
Summary
A mortgage lender experienced a cybersecurity incident involving unauthorized third-party access to certain technology systems, prompting immediate containment measures including system lockdowns and shutdowns to protect customer data. The company restored partial functionality for online payments and limited loan information access, with account data reflecting pre-incident status while updates continue; customers were assured no late fees, penalties, or negative credit impacts would result from service disruptions. An investigation with cybersecurity experts and law enforcement is ongoing to determine potential data compromise, with impacted individuals to receive notifications and identity protection services if affected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 31, 2023, Mr. Cooper detected a cybersecurity incident involving unauthorized third-party access to certain technology systems, prompting immediate system lockdowns to protect customer data. The mortgage servicer initiated containment protocols, including disabling specific systems as a precautionary measure, while launching an investigation with cybersecurity experts and law enforcement. Customers were notified that payment systems and online account access were disrupted, with loan information frozen as of October 31 pending restoration efforts. By November 6, partial functionality was restored, allowing customers to make payments online and view limited loan details, though account data remained outdated. The company assured customers no late fees, penalties, or negative credit reporting would occur during service disruptions and committed to honoring rate locks and closing timelines for loans in process. Communication channels were limited to secure text messaging for loan-related inquiries, with newly transferred customers experiencing delays in initial account access.
Mr. Cooper's investigation remained ongoing to determine whether customer data was compromised, pledging to notify affected individuals and provide identity protection services if breaches occurred. System restoration timelines were unspecified, though the company prioritized reactivating payment processing and account updates while working to fully resume operations. The incident coincided with broader cybersecurity challenges in the mortgage industry, including earlier 2023 attacks impacting Planet Home Lending and Mutual of Omaha Mortgage that exposed consumer personally identifiable information. Regulatory context included the Federal Trade Commission’s October 2023 amendment requiring nonbank financial institutions to report breaches affecting ≥500 consumers within 30 days of discovery, effective April 2024. Mr. Cooper maintained public updates through its website FAQs, emphasizing containment measures and service restoration progress while apologizing for customer inconvenience.