The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.

Hackers had access to the personal information of nearly 15 million current and past customers of loan servicing giant Mr. Cooper, including Social Security numbers, dates of birth and bank account numbers, an attorney representing the company said in a filing with Maine regulators.

Dallas, Texas-based Mr. Cooper began notifying current and past customers of the data breach on Dec. 15, offering them two years of identity protection services and credit monitoring.

The company’s filings with the Maine Attorney General’s Office reveal that, because data of both past and present customers was exposed, the number of affected consumers is more than three times Mr. Coooper’s current customer base.

In its most recent quarterly report to investors, Mr. Cooper said it was collecting monthly mortgage payments from 4.29 million borrowers who owed $937 billion in outstanding debt as of Sept. 30.

An attorney for Mr. Cooper informed the state’s attorney general that 14.69 million people were affected by the data breach, including 59,917 Maine residents.

In a notice being sent to affected Maine consumers, Mr. Cooper said “an unauthorized party” gained access to “certain” company systems between Oct. 30 and Nov. 1.

“Although we have no evidence at this time that your information has been misused for identity theft or fraud as a result of this incident, we are contacting you to explain the circumstances of this event, and to provide information about the service we will provide to help you protect yourself,” the notice said.

Personal information in the exposed files included names, addresses, phone numbers, Social Security numbers, dates of birth and bank account numbers, Mr. Cooper said in a notice the company that was also provided to California regulators.

Mr. Cooper is providing two years of free credit monitoring, credit reports and credit score services from TransUnion, which sends alerts when changes occur to a consumer’s credit file.

Those who have questions were invited to call the Mr. Cooper Cyber Incident Response Line at 1-833-960-4745, from 8 a.m. to 8 p.m. Eastern Time Monday through Friday, or to visit MrCooperIncident.com.

In a Dec. 15 investor disclosure, Mr. Cooper said it expects to spend $25 million on vendor expenses related to the cybersecurity incident, including an accrual for the cost of providing two years of identity protection to past and present clients.

The incident forced the company to implement a four-day “precautionary shutdown” that disrupted both loan servicing and loan originations, and Mr. Cooper is facing at least five lawsuits seeking class-action status to represent affected clients.

Mr. Cooper generates most of its revenue as a loan servicer, collecting fees from lenders and investors in mortgage-backed securities in exchange for collecting homeowners’ monthly mortgage payments on their behalf.

In its notice to affected Maine residents, Mr. Cooper said consumers whose data was exposed include homeowners whose mortgage was previously acquired or serviced by Nationstar Mortgage or Centex Home Equity (Mr. Cooper is the “doing business as” name of Nationstar Mortgage LLC).

Homeowners who make payments to Mr. Cooper’s sister brands, including RightPath Servicing, Rushmore Servicing, Greenlight Financial Services and Champion Mortgage, may also have had their personal data compromised.

Mr. Cooper also originates mortgages, primarily by offering refinancing to homeowners it collects payments from, but also through a correspondent channel that purchases or originates loans from mortgage bankers. Consumers who previously applied for a home loan with Mr. Cooper may also have had their data exposed, the company said.

The nation’s biggest title insurer, Fidelity National Financial (FNF), discovered on Nov. 19 that an unauthorized third party had accessed some of its systems and acquired credentials and data. FNF said the incident was contained on Nov. 26 and has not commented on reports that the company was the target of a ransomware attack exploiting a software vulnerability in Netscaler, Citrix Bleed.

A spokesperson for Mr. Cooper declined to comment on the company’s filing with the Maine Attorney General, the number of customers affected, or whether the data breach was a ransomware attack. The spokesperson referred Inman to a statement the company issued on Dec. 15.

Jay Bray

“We take our role as a mortgage company very seriously, and there is nothing more important to us than maintaining our customers’ trust,” Mr. Cooper Chairman and CEO Jay Bray said in the statement. “I want you to know how sorry I am for any concern or frustration this may have caused. Making the homeownership journey as smooth as possible is our top priority, and we intend to make this right for our customers.”

Goal: $1T mortgage servicing portfolio

Source: Mr. Cooper earnings reports.

Mr. Cooper reported a $275 million third-quarter profit on Oct. 25, as pretax operating income from loan servicing grew by 65 percent from the previous quarter to $301 million. Having grown its mortgage servicing business by 10 percent in the last year, Mr. Cooper remained on track to achieve its goal of building a $1 trillion mortgage servicing portfolio.

The company expects that because of the data breach, its mortgage originations business will generate no pretax operating earnings during the fourth quarter, and could lose up to $10 million. Mr. Cooper has informed investors that it expects the company’s loan servicing business will still generate $200 million to $210 million in fourth-quarter pretax operating earnings.

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter

Show Comments Hide Comments
Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Success!
Thank you for subscribing to Morning Headlines.
Back to top
Only 3 days left to register for Inman Connect Las Vegas before prices go up! Don't miss the premier event for real estate pros.Register Now ×
Limited Time Offer: Get 1 year of Inman Select for $199SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription
×