Hackers stole the sensitive personal information of more than 14.6 million Mr. Cooper, the mortgage giant confirmed.
In a filing with the Maine attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of birth and phone numbers, as well as customers’ Social Security numbers and bank account numbers. Mr Cooper previously said customer banking information was stored by a third party and was believed to be unaffected.
said Mr. Cooper separate filing with federal regulatory authorities on Friday that hackers obtained personal data for “substantially all of our current and former customers.”
The number of affected victims is significantly higher than the four million existing customers Mr. Cooper claims on his website, likely due to the historical data the company stores on mortgage holders.
Mr Cooper said in his data breach notification letter to affected victims that the stolen data included personal information about those whose mortgages were previously acquired or serviced by the company when it was known as Nationstar Mortgage, before renaming it as Mr. Cooper. The company said affected customers may include those whose mortgages were serviced by a sister brand.
Mr Cooper initially told customers on October 31 – the day of the breach – that his systems were offline due to an outage, which he later admitted was related to a cyber security incident. Customers told TechCrunch they were unable to access their accounts or make mortgage payments.
The loans and mortgage giant has not said what kind of cyberattack hit its systems, and the company has repeatedly declined to respond to TechCrunch’s questions when asked for comment or say whether the company received any demands from the hackers.
Mr. Cooper said in his regulatory filing that the cyber attack will cost the company at least $25 million, up from about $5 million to $10 million, largely due to paying for identity protection to its current and former customers for two years.
Do you work for Mr. Cooper and know more about cyber attack? Zack Whittaker can be reached by email at zack.whittaker@techcrunch.com. You can also share files and documents with TechCrunch via SecureDrop.
