U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal.
Mr. Cooper (previously Nationstar Mortgage LLC) is a mortgage lending company based out of Dallas, Texas, that employs approximately 9,000 people and has 4.1 million customers. The lender has become the nation's largest servicer, servicing loans of $937 billion.
Yesterday, customers reported that they could not log in to Mr. Cooper's website to pay their mortgages or loans. They were instead greeted with a message stating that the company was suffering a technical outage.
"We are experiencing a system/technical outage, and we hope to resolve this soon," read a notice on Mr. Cooper's website.
"Customers trying to make payments will not incur fees or any negative impacts as we work to fix this issue. We apologize for any inconvenience this may cause and will continue to provide regular updates."
After contacting Mr. Cooper about the outages allegedly caused by a cyberattack, the company notified customers today that they suffered a cyberattack.
"On October 31, 2023, Mr. Cooper determined that the company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain technology systems," reads a notice of cyber security incident on Mr. Cooper’s website.
"Following detection of the incident, we initiated response protocols, including deploying containment measures to protect systems and data and shut down certain systems as a precautionary measure."
"An investigation has been launched, and we are working to resolve the issue as quickly as possible."
Do you have information about this or another ransomware attack? If you want to share the information, you can contact us securely and confidentially on Signal at +1 (646) 961-3731, via email at lawrence.abrams@bleepingcomputer.com, or by using our tips form.
Customers trying to make mortgage payments will be unable to do so while the systems are down.
However, Mr. Cooper told BleepingComputer that they have begun notifying customers about the incident and promise not to charge any fees, penalties, or negative credit reporting related to late payments as they restore systems.
"Customers who have tried or need to make payments will not incur fees, penalties or negative credit reporting as we work to resolve this issue," Mr. Cooper told BleepingComputer.
"We are actively working to resolve the issue and restore our systems as soon as possible, and we are committed to providing regular updates at https://incident.mrcooperinfo.com/."
The company says they are still investigating whether customer data was stolen and will notify impacted customers if any was exposed during the attack.
While Mr. Cooper has not disclosed whether this is a ransomware attack, it bears all the signs of being one.
If it turns out this was a ransomware attack, then it is likely that data was stolen to be used as leverage to get Mr. Cooper to pay a ransom demand.
As Mr. Cooper holds sensitive information about customers, including financial information, customers should be vigilant against potential phishing attacks and identity theft.
Comments
njtrout - 6 months ago
I received the customer notice yesterday. I thought it was pretty timely, not delayed nor denied. I do hope they notify their customers with additional information as to the cause of the breach and what information might have been exfiltrated. In my estimation this is one of the better responses to a breach I have read.
Wannabetech1 - 6 months ago
"AFTER contacting Mr. Cooper about the outages allegedly caused by a cyberattack, the company notified customers today that they suffered a cyberattack." I'm not so sure about that, but I'm not a customer.
drewsecure80 - 6 months ago
I am a cooper customer, and I have not been notified. But glad to see they are publicly acknowledging the problem instead of hiding it until 6 months later like a lot of companies do.
KathyR37 - 6 months ago
I am a Cooper customer and I was notified. I tried to get through with a phone call but only got a recorded message and hang up when it ended. I feel that they should at least have a phone number available to customers during this time. There are too many unanswered questions. I expect that my mortgage will be sold again, which is how they got it.