14 million exposed in massive mortgage lender breach — names, dates of birth and SSNs
Following a cyberattack that occurred back in October, the Dallas-based mortgage lending firm Mr. Cooper has revealed that the personal data of 14.7 million borrowers has been exposed online.
As reported by BleepingComputer, Mr. Cooper (formerly Nationstar Mortgage LLC) is one of the largest servicers of loans in the U.S. with 9,000 employees and millions of customers.
Back In November, the company announced that it had suffered a data breach on October 30 of this year. Mr. Cooper was then forced to shut down all of its IT systems (including its online payment portal used by customers) following this attack. In the week following this initial disclosure, the company revealed that it had found evidence that the attackers responsible were able to access some customer data.
Now though, the full extent of this data breach has been made public after the company submitted a notice of data breach to the Office of the Maine Attorney General. If you currently have a mortgage with Mr. Cooper or previously did, this is everything you need to know about this data breach and what steps you can take now to avoid falling victim to targeted phishing attacks, fraud or even identity theft.
Personal info stolen by hackers
Although no financial information (like credit card numbers) was initially thought to be exposed as a result of this data breach, plenty of personal customer information was.
According to the notice of data breach Mr. Cooper submitted to the Office of the Maine Attorney General, approximately 14,690,284 past and current customers were impacted by this data breach.
In addition to full names, dates of birth, phone numbers and home addresses, the Social Security numbers (SSNs) and bank account numbers of borrowers were exposed following the cyberattack on Mr. Cooper’s IT systems.
The company does explain that after learning of the incident, it immediately locked down its systems and changed account passwords before restoring them. At the same time, its staff is also monitoring the dark web for any signs that this information has been “shared, published or otherwise misused.” So far, Mr. Cooper has not found evidence that this is the case.
What to do next if you’re a Mr. Cooper customer
If you’re a current or former Mr. Cooper customer, then you’ve likely already received a notice of data breach from the company. If not, you should keep checking your mailbox for one as these types of disclosures usually happen the old-fashioned way as opposed to through email.
Mr. Cooper is providing 24 months of free access to one of the best identity theft protection services, but you will need to use the enrollment code enclosed in your letter to sign up for myTrueIdentity from TransUnion. The company also recommends that affected customers set up a security freeze so that no one else can take loans or other services in their name.
At the same time, you also want to carefully check your bank statements for signs of fraud each month. Here’s everything you need to know about setting up a fraud alert to protect your credit and identity. You should also get a free credit report from Equifax, Experian and TransUnion just to be safe and you can do this once per year.
Unlike with malicious apps or phishing emails, there’s really nothing you could have done differently to prevent falling victim to a data breach. Even though a company was breached, it’s now up to you to take preventative action so that you don’t fall victim to fraud or identity theft. Fortunately though, Mr. Cooper is providing a free, two-year subscription to an identity theft protection service to help you deal with the aftermath of this massive data breach.
