In a new cybersecurity incident, Coppell, Texas-based mortgage and loan giant Mr. Cooper has become the latest victim of a cyberattack that may have compromised the sensitive personal information of more than 14 million individuals, impacting both current and former customers.
The company, in its data breach notifications to state and federal regulators, disclosed that the incident initially thought to affect 4.3 million current customers now extends its reach to an additional 10 million past customers.
The severity of the situation prompted the company to file a data breach notification with the Maine Attorney General, revealing that a staggering total of 14,690,284 individuals could be affected, with 59,917 of them being residents of Maine.
The data breach came to light in early November 2023, when Mr. Cooper announced that it had fallen victim to a cyberattack on October 30, 2023. The breach, discovered the following day, prompted the company to take swift and decisive action by shutting down all IT systems. This included the temporary closure of the online payment portal, a vital platform used by customers to manage their loan and mortgage payments.
The company is now actively engaged in investigating the extent of the breach and has begun the process of notifying affected individuals. The compromised data is said to include sensitive personal information such as names, email addresses and personal identifiers in combination with Social Security Numbers (SSN), raising concerns about the potential misuse and identity theft implications for the affected customers.
However, Mr. Cooper assures its customers that it is working to enhance its cybersecurity measures to prevent any future breaches. In the meantime, affected individuals are encouraged to remain alert, monitor their financial accounts, and take necessary precautions to safeguard their personal information.
In a comment to Hackread.com, Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems highlighted the challenge organizations face with data retention due to legal requirements and business aspirations. Despite the desire to use data for analytics and customer re-engagement, data often remains untouched, leading to breaches that impact both current and past customers.
“Unfortunately, a lot of organizations are stuck between a rock and a hard place, when it comes to the retention of data. Various laws and legislature require organizations to keep records for over 7 years, but they also hope to attract their past customers back into the fold and plan to leverage it to develop future analytics insights. In reality, this data just lies untouched where it lies, often long past their actual retention policies. Regardless of the reason, it is not unusual to see breaches impacting not only current customers but previous customers too.“
Mandy emphasizes the importance of proactive data management, citing an example where Symmetry Systems enabled a Fortune 100 organization to delete 25% of their cloud assets without business impact. Additionally, he notes that the absence of credit card numbers in Mr. Cooper’s breach may suggest the use of outsourced payment providers that tokenize credit card information for enhanced security.
“Increasingly our customers with the help of our data-centric monitoring, identify and proactively delete data beyond its retention lifecycle, and further reduce access to sensitive data in a manner commensurate with its actual usage and sensitivity. In one example, we enabled a Fortune 100 organization on Google Cloud to delete over 25% of their cloud assets such as Projects, Identities, and production data without any business impact.“
“The lack of credit card numbers in the breach notification isn’t exceptionally notable given that Mr Cooper doesn’t offer credit card facilities to its customers, and mortgage companies generally restrict credit card payments for mortgages. For other organizations that do, this may be a sign that they are leveraging an outsourced payment provider that tokenizes (i.e. replaces with a token) credit card numbers to secure them.“
The announcement of the data breach at Mr. Cooper came just days after Delta Dental, a dental insurance provider based in Oak Brook, Illinois, United States, revealed that it had experienced a data breach affecting 7 million customers.
Nevertheless, impacted individuals are urged to be watchful for phishing emails that may falsely claim to originate from the company, claiming to provide new updates. However, the actual motive could be to exploit the situation and attempt to steal user data.