Mr. Cooper hit with a cyberattack

Mr. Cooper reported Thursday it had a cybersecurity incident earlier in the week, in which an unauthorized third party gained access to certain technology systems. 

Though the lender did not expand upon the attack and its scope, which took place Oct. 31, it did note that for now, some of its systems are offline. 

Customers have been alerted of this issue and those "who have tried or need to make payments will not incur fees, penalties or negative credit reporting as we work to resolve this issue, " a company spokesperson said in a statement. 

The lender has "initiated response protocols, including deploying containment measures to protect systems and data." The timeline for when some of its systems will be restored was not disclosed.

"We value our customers and take their data privacy very seriously, and we have launched an investigation with assistance from leading cybersecurity experts and notified law enforcement," the spokesperson said.

The attack coincides with a number of other cybersecurity incidents hitting the mortgage industry of late.

Earlier this year, companies such as Planet Home Lending and Mutual of Omaha Mortgage disclosed both were impacted by attacks that compromised the personally identifiable information of consumers. 

Additionally, home builder Lennar Corp. disclosed that the social security numbers of 7,448 consumers were exposed in a July hack, while Scottsdale, Arizona-based V.I.P. Mortgage was the victim of a malware attack in December 2022, according to a September notice.

Reporting these types of instances will become mandated for mortgage shops early next year as the Federal Trade Commission Friday voted unanimously in October to approve an amendment to its Safeguards Rule to include nonbank financial institutions

The FTC's rule requires nonbanks to notify the agency no later than 30 days after discovery of a breach involving the information of at least 500 consumers. Incidents are defined by the agency as events where unencrypted customer data has been acquired without authorization. 

The notices must include information about the breach, such as the number of consumers either affected or potentially affected. The reporting requirement goes into effect April 27, 2024.

For reprint and licensing requests for this article, click here.
Industry News Cyber security Technology Mortgage technology Servicing Cyber attacks
MORE FROM NATIONAL MORTGAGE NEWS