Mr. Cooper sustains ‘cybersecurity incident’; some systems now back online

Investigation is ongoing; company assures customers that no penalties or fees will be incurred due to incident

Mr. Cooper was the target of a cybersecurity attack early last week, leaving the mortgage industry giant’s systems locked down for days while it worked on a resolution.

Originally described by the mortgage lender as an “outage” in messages sent to customers, the Oct. 31 incident has yet to be termed a “cyberattack” in the company’s official verbiage, although it acknowledged in a filing with the Securities and Exchange Commission (SEC) that “an unauthorized party gained access to certain technology systems.”

The company posted a notice on its website about the incident, announcing that it immediately initiated response protocols, deploying containment measures to protect customer data and shutting down certain systems as a precautionary action. Law enforcement was notified and an investigation “with assistance from leading cybersecurity experts” was launched.

As of late this week, Mr. Cooper has announced that some of its systems have resumed normal operations. The company has pledged that it is at work keeping sensitive customer information secure. If any customers are affected, they will be notified and provided with identity protection services provided by Mr. Cooper.

Mr. Cooper is unable to process payments while its systems remain down. Per the company, electronic payments for loans will process as soon as systems return to standard operations.

“Rest assured, you will not incur any fees, penalties or negative credit reporting related to late payments as we work to fix this issue,” the notice stated.

The company also said that rate locks will be honored, and rates and fees will not be impacted by the breach. The notice reiterates that Mr. Cooper’s “Close On Time” guarantee, which promises borrowers a check equal to their first month’s principal and interest payment if their loan doesn’t close on or before the contract closing date, remains in effect and will be honored regardless of the impacts of the incident.

The investigation is ongoing, but according to the SEC filing, Mr. Cooper doesn’t believe that the breach will have a “material adverse effect” on financial results.


More Headlines