Mr Cooper cyberattack laid bare: 14.7M people's info stolen, costs hit $25M

Mortgage lender says no evidence of identity theft (yet) after SSNs, DoBs, addresses, more swiped

Mortgage lender Mr Cooper has now admitted almost 14.7 million people's private information, including addresses and bank account numbers, were stolen in an earlier IT security breach, which is expected to cost the business at least $25 million to clean up.

The financial firm disclosed a network intrusion in October, and initially said the "isolated" incident "did not affect any of the company's clients' or partners' systems or technology." 

In notifications filed with the US states of California and Maine on Friday, the mortgage giant revealed that scope of the cyberattack was much worse than it believed: highly personal records belonging to millions were snatched by one or more miscreants.

"Through our investigation, we determined that there was unauthorized access to certain of our systems between October 30, 2023 and November 1, 2023," according to a notice [PDF] sent to 14,690,284 people. "During this period, we identified that files containing personal information were obtained by an unauthorized party."

This personal information included people's names, addresses, phone numbers, Social Security numbers, dates of birth, and bank account numbers.

Those affected include anyone whose mortgage may have been previously acquired or serviced by Mr Cooper, Nationstar Mortgage LLC, Centex Home Equity, or another sister brand or servicing partner. Anyone who previously applied for a home loan with any of these lenders may also be affected, we're told. Mr Cooper was formerly known as Nationstar, and is based in Texas.

While the company says it has not seen any evidence that this data has been used for identity theft or fraud, Mr Cooper said it will continue to monitor the dark web for any evidence that the thieves are sharing, leaking, or otherwise misusing the stolen files. Plus: All affected individuals will receive 24 months of free credit monitoring.

When asked about the breach, a Mr Cooper spokesperson referred The Register to a statement on the biz's website.

"We take our role as a mortgage company very seriously, and there is nothing more important to us than maintaining our customers' trust,"  CEO Jay Bray said in the statement. "I want you to know how sorry I am for any concern or frustration this may have caused."

In addition to mailing out data breach notifications to millions of people, Mr Cooper also on Friday filed an updated Form 8-K with the US Securities and Exchange Commission and reported higher-than-expected costs related to the digital break in.

"Our forensic review, engagement with law enforcement and regulators, and defense of litigation is ongoing," the biz reported, adding it is now also on the hook to provide complimentary identity protection services to customers whose data may have been stolen.

"We are updating guidance for fourth quarter vendor expenses related to the incident to $25 million (from $5 to $10 million), which now includes an accrual for the cost of providing identity protection services for two years," the filing stated. ®

More about


Send us news

Other stories you might like