Coppel, Texas – Mr. Cooper Group Inc., a prominent mortgage and loan company based in Coppell, has reported a data breach potentially impacting 14.7 million homeowners. This breach represents a serious concern for both current and former customers of the company, formerly known as Nationstar Mortgage.
The company has not disclosed the specifics of the cyberattack that resulted in this data compromise. However, it is clear that the breach is extensive, affecting a substantial number of individuals. In response, Mr. Cooper Group is sending out notification letters to those whose information may have been compromised.
Initially, the company estimated that around 4 million people were affected due to a third-party provider hosting banking information related to mortgage payments. However, a deeper investigation, which began after the cyberattack was discovered on October 31, 2023, revealed the true extent of the breach. It was found that the personal data of more than 14 million people, both current and former customers, had been stolen.
The Mr. Cooper website specifies that a “limited group of reverse mortgage customers’ bank account numbers” was involved in the breach. The data accessed during the attack, as stated in a notice letter obtained by the Attorney General of Maine, includes customers’ names, addresses, phone numbers, Social Security numbers, dates of birth, and bank account numbers.
In an effort to support those affected, Mr. Cooper has announced on their incident page: “To help support our customers, we are offering two years of free credit monitoring and identity protection services through TransUnion to any former or current (as of October 31, 2023) Mr. Cooper customer or customers whose loans we service on behalf of our servicing partners. We will be directly notifying customers and providing them with enrollment instructions for the free identity protection services.”
While Mr. Cooper is actively monitoring the dark web for signs of misuse of the stolen data, they have reported no evidence that the information has been used maliciously so far. This breach underscores the importance of robust cybersecurity measures and the need for constant vigilance to protect sensitive customer data in the digital age. The incident is a stark reminder of the potential risks and repercussions of data breaches in the financial sector.
