Hackers stole personal data of over 14 mln Mr. Cooper customers
Hackers have compromised the personal data of over 14.6 million customers of Mr. Cooper, the mortgage and loan giant, as officially confirmed by the company, according to TechCrunch.
Mr. Cooper disclosed that the stolen information includes customer names, addresses, dates of birth, phone numbers, Social Security numbers, and bank account details. Initial estimates suggested that customer banking information, handled by a third-party entity, remained unaffected.
The company states it is monitoring the dark web "and has not seen any evidence that the data related to this incident has been further shared, published, or otherwise misused."
On October 31, the day of the breach, Mr. Cooper informed customers of system unavailability due to an outage, later revealed to be linked to a cybersecurity incident. Customers reported being unable to access accounts or make mortgage payments.
In a subsequent filing with federal regulators, the company revealed that the personal data breach impacted "substantially all" of its current and former customers, a number significantly exceeding the four million mentioned earlier on the company's website. It is attributed to historical data maintained by the company on mortgage holders. The scope of affected customers may extend to those whose mortgages were serviced by a sister brand.
Mr. Cooper also estimated the financial impact of the cyberattack to be at least $25 million, a significant increase from the initial estimate of $5 to $10 million. The cost is primarily attributed to the identity protection services for a two-year period to both current and former customers.
The company says it is updating its systems to make sure the break does not happen again. "We take our role as a mortgage company very seriously, and there is nothing more important to us than maintaining our customers' trust. I want you to know how sorry I am for any concern or frustration this may have caused," said Jay Bray, Chairman and CEO of Mr. Cooper Group.
Recent cyber attacks
In Ukraine, a nationwide company Kyivstar providing mobile services was hacked massively on December 12. Hackers targeted the network, leading to a large outage, as Ukrainians complained about a lack of connectivity, and issues with the operator's website, and the mobile application. Internet services were also unavailable. Currently, the company is gradually restoring operations.
On December 4, the Sellafield nuclear waste facility in the UK, which is considered highly dangerous, was hacked by cyber groups closely associated with Russia and China. It is possible that some of the crucial activities at the facility, such as the movement of radioactive waste, monitoring leaks of hazardous materials, and fire checks, were compromised.