U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal.
The Texas-based company said in a statement on its website that on October 31, Mr. Cooper “became the target of a cyber security incident and took immediate steps to lock down our systems in order to keep your data safe.”
In a separate notice, Mr. Cooper said it is “actively investigating this event to determine if any data has been compromised.” The company employs approximately 9,000 people and has 4.1 million customers. The lender has become the nation's largest servicer, servicing loans of $937 billion.
Customers reported that they could not log in to Mr. Cooper's website to pay their mortgages or loans. They were instead greeted with a message stating that the company was suffering a technical outage.
It’s not clear when Mr. Cooper expects to bring its systems back to operation, or if the company has the technical ability to determine what customer data, if any, was stolen.
While Mr. Cooper has not disclosed whether this is a ransomware attack, it bears all the signs of being one. If it turns out this was a ransomware attack, then it is likely that data was stolen to be used as leverage to get Mr. Cooper to pay a ransom demand.
As Mr. Cooper holds sensitive information about customers, including financial information, customers should be vigilant against potential phishing attacks and identity theft.
Mr. Cooper is advising users to monitor their financial accounts and credit reports for any unauthorized activity until the company completes its investigation. “You can also contact the three major credit bureaus to place a ‘fraud alert’ on your file at no cost, which alerts creditors to contact you before they open a new credit account under your Social Security number,” the company said.