Mr. Cooper in court on two fronts following IT breach

Mr. Cooper is in court on two litigation fronts following a cyberbreach that hit its systems and exposed the personal identifiable information of 14.6 million consumers in late 2023.

The megaservicer is fending off a class action, which has two dozen named plaintiffs, while also embroiled in a suit against two insurers who have thus far failed to indemnify it for losses following the hack.

Mr. Cooper asserts the plaintiffs suing it for allegedly failing to protect customer information do not show they had tangible and concrete injury traceable to the ransom attack, as is required by Article III standing, established by legal precedent in the TransUnion LLC v. Ramirez case, a March 27 filing stated.

The megaservicer argues that just because plaintiffs' information is available on the dark web it "is not an 'injury" and it is highly implausible that said data is related to its hack to begin with.

"Plaintiffs cannot identify injury suffered as a result of the attack on Mr. Cooper [can be] expected, considering Mr. Cooper quickly contained the ransom attack, paid the ransom in exchange for proof of deletion of its data, and Mr. Cooper received said proof," the servicer's filing said.

Mr. Cooper paid an eight-figure ransom to Alphv/Black Cat "in exchange for decryption keys and an unverifiable promise to delete stolen personal identifiable information," documents from late 2024 show.

The most recent communication from Mr. Cooper comes after plaintiffs in January responded to the servicers' motion to dismiss the case in September 2024.

Those suing Mr. Cooper continue to reassert that the breach had a tangible impact on their day-to-day lives, satisfying the injury-in fact prong standing, pointing to the misuse of their PII in the form of fraudulent charges, an increase in spam campaigns and the publication of PII on the dark web and imminent future harm from fraud and identity theft.

"Mr. Cooper promised to safeguard plaintiffs' PII, was directly responsible for the invasion of plaintiffs' privacy, and breached plaintiffs' confidence by failing to do so," a filing from December 2024 said.

Regarding consumer PII being on the dark web, Mr. Cooper's most recent filing noted that "information does not cause harm until it is used; until then, it does not 'make a sound,'" citing TransUnion LLC v. Ramirez.

Mr. Cooper declined to comment on pending litigation Thursday.

Meanwhile, the servicer filed a suit against National Union Fire Insurance Company and Berkshire Hathaway Specialty Insurance, two of its insurers, which "improperly denied [it] coverage" to cover losses caused by the cyber attack. 

Both National Union Fire Insurance Company and Berkshire responded in separate filings claiming that Mr. Cooper is not entitled to any relief.

Mr. Cooper purchased a tower of insurance for hybrid financial institutions bond/crime computer coverage applicable to the period of July 11, 2023, to July 11, 2024, it said in its complaint. The primary insurer of this tower is National Union and the first excess insurer is Berkshire.

National Union claims in a filing from January that its policy does not cover most of Mr. Cooper's losses, including those resulting "directly or indirectly from theft of confidential information."

Berkshire said since it is the first excess insurer it "does not provide coverage until the limits provided by the underlying insurance have been exhausted," it said in a filing days after National Union filed its.

"As the Underlying Insurance has not been exhausted, there is no coverage under the excess policy," Berkshire added.

Litigation filed by Mr. Cooper in November points to a total of $30 million in losses that have yet to be covered by its insurance partners. Out of almost $30 million, National Union agreed to cover $300,000, a denial of nearly 99% of Mr. Cooper's losses, documents show.

Berkshire has taken no coverage position in response to the claim, and in so doing has also delayed payments required towards Mr. Cooper's substantial losses, the litigation alleges.

For reprint and licensing requests for this article, click here.
Law and legal issues Industry News Cyber attacks Servicing
MORE FROM NATIONAL MORTGAGE NEWS