Source: www.govinfosecurity.com – Author: 1
Finance & Banking
,
Incident & Breach Response
,
Industry Specific
Data Stolen From Mortgage Lender Includes Bank Account Numbers
David Perera (@daveperera) •
December 18, 2023
A late October hacking incident at mortgage lender Mr. Cooper affected 14.7 million individuals, the Texas company disclosed Friday.
See Also: JavaScript and Blockchain: Technologies You Can’t Ignore
The incident triggered a four-day shutdown of corporate systems and a suspension in lending. The company manages approximately $937 billion in loans and more than 4.3 million customers. In breach notifications being sent to affected individuals, the non-bank lender said stolen information includes names, Social Security numbers, birthdates and bank account numbers.
Hackers gained access on Oct. 30 and were ejected on Nov. 1.
In a filing with federal regulators, Mr. Cooper estimated the incident will cost $25 million, up from a previous estimate of between $5 million to $10 million. The incident has not affected expectations for new loan income or revenue from servicing existing loans, it said.
Affected individuals include anyone with a mortgage serviced currently or previously by Mr. Cooper or one of its sister brands: RightPath Servicing, Rushmore Servicing, Greenlight Financial Services, and Champion Mortgage. Anyone who applied for a home loan is also swept up in the attack.
The incident came just as U.S. federal regulators have stepped up requirements for publicly traded companies and the non-banking financial sector entities to disclose security incidents. As of Monday, all publicly traded companies excepting small companies – who have an extra 180 days to comply – must disclose most “material cybersecurity incidents” within four business days of determining materiality (see: SEC Votes to Require Material Incident Disclosure in 4 Days).
The Federal Trade Commission in October imposed a new reporting mandate for nonbanking financial institutions requiring them to report a data breach to the agency anytime a third party acquires without authorization the unencrypted records of at least 500 consumers. The mandate becomes effective on May 13 (see: FTC Expands Financial Data Breach Reporting Requirements).
Original Post URL: https://www.govinfosecurity.com/mr-cooper-hacking-incident-affects-data-147-million-a-23918
Category & Tags: –
Views: 0