Huge Mortgage and Loan Company Suffers Data Breach Impacting 14 Million People

If you’ve ever bought a home with the help of the well-known mortgage and loan firm Mr. Cooper, there’s a good chance that your personal information has been stolen by cybercriminals.

TechCrunch first reported that Mr. Cooper recently suffered a pretty catastrophic data breach. The breach, which occurred in October, is said to have impacted as many as 14.6 million people.

Mr. Cooper, formerly Nationstar Mortgages, is considered one of the largest mortgage and loan companies in the country. The firm, which was founded in 1994, currently handles home ownership services for some 4 million people, according to its website. However, the cyberattack the company recently experienced seems to have impacted not just current but also former customers. The company said, in a filing with the Securities and Exchange Commission, that the breach had impacted “all of our current and former customers.” A separate filing says the total number impacted includes over 14 million people.

What customer information was compromised in the breach? In its own words, Mr. Cooper says that the breach included a wealth of customer data points, including their “name, address, phone number, Social Security number, date of birth, bank account number.”

In its data breach filing with the Maine attorney general’s office, Mr. Cooper noted that malicious actors appeared to have been inside its systems for a couple of days before company authorities caught on to the intrusion.

“Through our investigation, we determined that there was unauthorized access to certain of our systems between October 30, 2023, and November 1, 2023. During this period, we identified that files containing personal information were obtained by an unauthorized party.” Additional details about the attack haven’t been shared at this time.

When reached for comment by Gizmodo, a Mr. Cooper representative shared a short statement from Jay Bray, Chairman and CEO of the Mr. Cooper Group: “We take our role as a mortgage company very seriously, and there is nothing more important to us than maintaining our customers’ trust. I want you to know how sorry I am for any concern or frustration this may have caused. Making the homeownership journey as smooth as possible is our top priority, and we intend to make this right for our customers.”

A statement about the breach on the company’s website says that is offering two years of free credit monitoring and identity protection services to impacted customers. “We will be directly notifying customers and providing them with enrollment instructions for the free identity protection services,” the statement reads.

If you’ve ever bought a home with the help of the well-known mortgage and loan firm Mr. Cooper, there’s a good chance that your personal information has been stolen by cybercriminals.

TechCrunch first reported that Mr. Cooper recently suffered a pretty catastrophic data breach. The breach, which occurred in October, is said to have impacted as many as 14.6 million people.

Mr. Cooper, formerly Nationstar Mortgages, is considered one of the largest mortgage and loan companies in the country. The firm, which was founded in 1994, currently handles home ownership services for some 4 million people, according to its website. However, the cyberattack the company recently experienced seems to have impacted not just current but also former customers. The company said, in a filing with the Securities and Exchange Commission, that the breach had impacted “all of our current and former customers.” A separate filing says the total number impacted includes over 14 million people.

What customer information was compromised in the breach? In its own words, Mr. Cooper says that the breach included a wealth of customer data points, including their “name, address, phone number, Social Security number, date of birth, bank account number.”

In its data breach filing with the Maine attorney general’s office, Mr. Cooper noted that malicious actors appeared to have been inside its systems for a couple of days before company authorities caught on to the intrusion.

“Through our investigation, we determined that there was unauthorized access to certain of our systems between October 30, 2023, and November 1, 2023. During this period, we identified that files containing personal information were obtained by an unauthorized party.” Additional details about the attack haven’t been shared at this time.

When reached for comment by Gizmodo, a Mr. Cooper representative shared a short statement from Jay Bray, Chairman and CEO of the Mr. Cooper Group: “We take our role as a mortgage company very seriously, and there is nothing more important to us than maintaining our customers’ trust. I want you to know how sorry I am for any concern or frustration this may have caused. Making the homeownership journey as smooth as possible is our top priority, and we intend to make this right for our customers.”

A statement about the breach on the company’s website says that is offering two years of free credit monitoring and identity protection services to impacted customers. “We will be directly notifying customers and providing them with enrollment instructions for the free identity protection services,” the statement reads.