U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal.
Mr. Cooper (previously Nationstar Mortgage LLC) is a mortgage lending company based out of Dallas, Texas, that employs approximately 9,000 people and has 4.1 million customers. The lender has become the nation’s largest servicer, servicing loans of $937 billion.
Yesterday, customers reported that they could not log in to Mr. Cooper’s website to pay their mortgages or loans. They were instead greeted with a message stating that the company was suffering a technical outage.
“We are experiencing a system/technical outage, and we hope to resolve this soon,” read a notice on Mr. Cooper’s website.
“Customers trying to make payments will not incur fees or any negative impacts as we work to fix this issue. We apologize for any inconvenience this may cause and will continue to provide regular updates.”
After contacting Mr. Cooper about the outages allegedly caused by a cyberattack, the company notified customers today that they suffered a cyberattack.
“On October 31, 2023, Mr. Cooper determined that the company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain technology systems,” reads a notice of cyber security incident on Mr. Cooper’s website.
“Following detection of the incident, we initiated response protocols, including deploying containment measures to protect systems and data and shut down certain systems as a precautionary measure.”
“An investigation has been launched, and we are working to resolve the issue as quickly as possible.”
Do you have information about this or another ransomware attack? If you want to share the information, you can contact us securely and confidentially on Signal at +1 (646) 961-3731, via email at lawrence.abrams@bleepingcomputer.com, or by using our tips form.
Customers trying to make mortgage payments will be unable to do so while the systems are down.
However, Mr. Cooper told BleepingComputer that they have begun notifying customers about the incident and promise not to charge any fees, penalties, or negative credit reporting related to late payments as they restore systems.
“Customers who have tried or need to make payments will not incur fees, penalties or negative credit reporting as we work to resolve this issue,” Mr. Cooper told BleepingComputer.
“We are actively working to resolve the issue and restore our systems as soon as possible, and we are committed to providing regular updates at https://incident.Mr. Cooperinfo.com/.”
The company says they are still investigating whether customer data was stolen and will notify impacted customers if any was exposed during the attack.
While Mr. Cooper has not disclosed whether this is a ransomware attack, it bears all the signs of being one.
If it turns out this was a ransomware attack, then it is likely that data was stolen to be used as leverage to get Mr. Cooper to pay a ransom demand.
As Mr. Cooper holds sensitive information about customers, including financial information, customers should be vigilant against potential phishing attacks and identity theft.