Mr. Cooper made an 8-figure ransomware payment, docs reveal

Customers impacted by Mr. Cooper's cyber breach and suing the company because of it are refusing to back down, filing a motion with a federal court to disregard the lender's previous request to dismiss the class action suit.

Mr. Cooper paid an eight-figure ransom to Alphv/Black Cat "in exchange for decryption keys and an unverifiable promise to delete stolen personal identifiable information." The information strengthened the case for keeping the claims alive because it highlights the severity of the breach, the filing dated Dec. 27 said.

The hackers likely didn't delete the PII the filing posits, and, similar to the Alphv attack on Change Healthcare in early 2024, the data could be compromised in the future despite the ransom payment, putting consumers at ongoing risk.

In September, Mr. Cooper filed a motion to dismiss the case arguing that customers have not shown sufficient evidence of harm from the cyber breach that occurred in late 2023. Additionally, the mortgage lender and servicer said there is no evidence that any of the PII subject to the ransom attack is on the dark web.

A month prior, plaintiffs submitted a 178-page consolidated amended complaint to a Texas federal court outlining how each member was impacted following the cyber breach. The lawsuit accuses Mr. Cooper of being negligent in protecting customer PII.

The mortgage lender and servicer in turn claims it has "well designed cybersecurity practices and procedures to protect consumer PII" and that it "quickly detected the attack and engaged its incident response protocols to successfully mitigate any possible impact on consumers."

The Texas-based company's cyber breach, which leaked the Social Security numbers of 14.7 million customers, has had ongoing consequences for those impacted, plaintiffs claim.

Some of the class members reported being hit by a wave of spam and seeing credit cards opened in their names, a July complaint in Texas federal court shows. In one instance, a customer said they had $25,000 withdrawn from a Charles Schwab account. These incidents are proof of injury to Mr. Cooper customers and will help members prevail over the company's future motion to dismiss, plaintiffs in the suit claim.

However, Mr. Cooper says plaintiffs "allege no recognized injury, only a speculative concern of future harm after receipt of a data breach notification."

Mr. Cooper does not comment on pending litigation. An attorney representing the plaintiffs could not be reached for comment.

Meanwhile, the lender and servicer is suing its insurers for not indemnifying it for losses caused by the attack. Litigation filed by the company in November points to a total of $30 million in losses that have yet to be covered by its insurance partners. 

This sum includes the cost "to restore its computer systems…which were a direct result of the criminal actions of the cyber hackers," litigation filed by Mr. Cooper in Texas federal court said. Mr. Cooper's insurers, which it alleges "improperly denied coverage" are National Union Fire Insurance Company and Berkshire Hathaway Specialty Insurance.