Mr. Cooper, a leading U.S. mortgage servicer, has revealed a significant data breach that occurred on October 30, 2023, impacting nearly 14.7 million individuals, comprising both current and former customers. The details of this breach were outlined in an SEC filing updated on December 15, 2023, raising concerns about the adequacy of security measures and the potential risks associated with prolonged data retention.
Extent of the Breach The breach notification submitted to the Office of the Maine Attorney General disclosed that personal information such as names, addresses, phone numbers, Social Security numbers, dates of birth, and bank account numbers were compromised. Mr. Cooper confirmed that an unauthorized third party gained access to its systems between October 30 and November 1. The intrusion was detected on October 31, leading to a prompt shutdown of its systems, causing a service outage from November 1 to November 4.
The scale of the breach is considerable, affecting over 10 million non-customers inadvertently. The impacted individuals include current and former customers, sister brand customers, customers of mortgage companies partnered with Mr. Cooper, and those who applied for a home loan through the company.
Response and Mitigation Efforts
Mr. Cooper is actively taking steps to mitigate the impact on affected individuals by providing two years of free identity protection services through TransUnion’s Identity Force. Victims must enroll in these services within 90 days of receiving the breach notice. Jay Bray, Chairman and CEO of Mr. Cooper Group, underscored the company’s commitment to customer trust, stating, “We take our role as a mortgage company very seriously.”
Insights from Security Experts Cybersecurity experts have emphasized the challenges associated with long-term data retention, particularly in companies like Mr. Cooper that store former customers’ data for regulatory compliance. Pathlock CEO Piyush Pandey highlighted the need for robust data protection and access governance strategies for both current and former customer data.
Experts recommend tools such as data masking and continuous controls monitoring to defend sensitive data. Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems, stressed the importance of proactive data management to prevent unnecessary retention of sensitive information. Patrick Tiquet, Vice President of Security and Architecture at Keeper Security, advised companies to regularly audit their data inventory and implement appropriate data protection measures, including privileged access management (PAM) platforms.
Industry Guidelines and Recommendations The Mortgage Bankers Association, representing over 2,200 companies in the real estate finance industry, provides guidelines emphasizing the cost considerations of data retention and the importance of access controls. The guidance states, “Access control to limit who can access data in each location will tighten security.”
Conclusion
The Mr. Cooper data breach serves as a stark reminder of the vulnerabilities in data security and the critical need for businesses to implement comprehensive protection measures. As the aftermath unfolds, affected individuals and industry stakeholders will closely monitor the situation, demanding increased vigilance in safeguarding personal information.
Related Articles
Protecting Your Google Workspace Account From the Latest Cyber Threat
If your company relies on Google Workspace, you must know about the latest cyber threat. As you know, setting up a new user account in Google Workspace requires email authentication. Hackers uncovered a vulnerability in Google’s protocols that bypassed this...
Microsoft Teams Merges Work and Home Accounts Efficiently
Suppose you use Microsoft Teams for work, school, and at home to communicate and collaborate with friends and family. In that case, you’ll welcome the latest update from the software giant: you no longer have to use separate apps for your personal and professional...
Zoom Now Supports Calls with Up to One Million
If you’ve ever been on a Zoom call and thought, “It would be great if more people could join in,” you’re in luck. The biggest name in video conferencing software just announced that event organizers can host up to one million attendees on a single-use webinar,...