Mortgage Giant Mr Cooper Data Breach Affects 147 Million People

Mr. Cooper

Mr. Cooper is sending data breach notifications warning that a recent cyberattack has exposed the data of 14.7 million customers who have, or previously had, mortgages with the company.

Mr. Cooper (previously Nationstar Mortgage LLC) is a Dallas-based mortgage lending firm that employs approximately 9,000 people and has millions of customers. The lender is one of the largest servicers in the United States, servicing loans of $937 billion.

In early November 2023, the company announced that it had been breached in a cyberattack on October 30, 2023, which it discovered the following day.

In response to the unauthorized intrusion, the firm was forced to shut down all IT systems, including the online payment portal used to pay loans and mortgages.

Outage message on Mr. Cooper's website
Outage message on Mr. Cooper’s website
Source: BleepingComputer

A week after the incident disclosure, Mr. Cooper announced it had found evidence that the network intruders conducting the attack had, unfortunately, accessed customer data.

It was clarified that no financial information was exposed, but the exact data that had been breached was still subject to the ongoing investigation.

Today, the company submitted a report to the Office of the Maine Attorney General informing that the incident impacted 14,690,284 people.

The information that has been exposed to cybercriminals includes:

  • Full name
  • Home address
  • Phone number
  • Social Security Number (SSN)
  • Date of Birth
  • Bank account number

The exposed data puts impacted individuals at risk of phishing, scams, and social engineering attacks, while bank fraud and identity theft are also possible due to the leak of bank account numbers.

“Upon learning of this incident, we immediately took steps to identify and remediate it, including locking down our systems, changing account passwords, and restoring our systems,” reads the notice sent to impacted customers.

“We initiated a detailed review to identify personal information contained in the impacted files as part of the incident.”

“We are monitoring the dark web and have not seen any evidence that the data related to this incident has been further shared, published, or otherwise misused.”

Recipients of the notices are urged to remain vigilant against unsolicited communications and enroll in the offered 24-month identity protection service.

At this time, no further details about the type of cyberattack have been disclosed, and no ransomware gangs have assumed responsibility for an attack on Mr. Cooper.


Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.