Mortgage giant Mr. Cooper data breach affects 14.7 million people



A week after the incident disclosure, Mr. Cooper announced it had found evidence that the network intruders conducting the attack had, unfortunately, accessed customer data.

It was clarified that no financial information was exposed, but the exact data that had been breached was still subject to the ongoing investigation.

Today, the company submitted a report to the Office of the Maine Attorney General informing that the incident impacted 14,690,284 people.

The information that has been exposed to cybercriminals includes:

• Full name
• Home address
• Phone number
• Social Security Number (SSN)
• Date of Birth
• Bank account number

The exposed data puts impacted individuals at risk of phishing, scams, and social engineering attacks, while bank fraud and identity theft are also possible due to the leak of bank account numbers.

"Upon learning of this incident, we immediately took steps to identify and remediate it, including locking down our systems, changing account passwords, and restoring our systems," reads the notice sent to impacted customers.

"We initiated a detailed review to identify personal information contained in the impacted files as part of the incident."

"We are monitoring the dark web and have not seen any evidence that the data related to this incident has been further shared, published, or otherwise misused."

Recipients of the notices are urged to remain vigilant against unsolicited communications and enroll in the offered 24-month identity protection service.

At this time, no further details about the type of cyberattack have been disclosed, and no ransomware gangs have assumed responsibility for an attack on Mr. Cooper.

Source: BleepingComputer