Sunday, October 6, 2024

Mr. Cooper: Hackers got personal info on past and present customers

Must read

The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.

Loan servicing giant Mr. Cooper says it will provide two years of identity protection services and credit monitoring to all of its current and former customers after determining that personal information “relating to substantially all of our current and former customers was obtained” in a cybersecurity incident the company discovered on Halloween.

In a report to investors Friday, the Dallas, Texas-based mortgage servicer said it is “in the process of reaching out to customers with instructions on how to sign up for these complimentary services and how to contact us with questions.”

As of Sept. 30, Mr. Cooper was collecting payments from 4.29 million borrowers who owed $937 billion in outstanding mortgage debt.

Mr. Cooper said it now expects to spend $25 million on vendor expenses related to the cybersecurity incident, up from a previous estimate of $5 million to $10 million, due to an accrual for the cost of providing two years of identity protection to past and present clients.

In the wake of the cybersecurity incident, which forced the company to implement a four-day “precautionary shutdown,” Mr. Cooper is facing at least five lawsuits seeking class-action status to represent affected clients.

The company’s “forensic review, engagement with law enforcement and regulators, and defense of litigation is ongoing,” Mr. Cooper informed investors Friday.

Mr. Cooper had previously disclosed on Nov. 9 that because of the incident, it expected its mortgage originations business would generate no pretax operating earnings during the fourth quarter, and could lose up to $10 million. The company’s loan servicing business was still expected to generate fourth-quarter pretax operating earnings of $200 million to $210 million. That earnings guidance remains in place, the company said Friday.

Mr. Cooper generates most of its revenue as a loan servicer, collecting fees from investors and lenders for collecting mortgage payments on their behalf. Mr. Cooper reported a $275 million third-quarter profit as pretax operating income from loan servicing grew by 65 percent from the previous quarter to $301 million.

But the company also originates mortgages, primarily by offering refinancing to homeowners it collects payments from. During the third quarter, Mr. Cooper funded 12,468 loans totaling $3.4 billion.

The nation’s biggest title insurer, Fidelity National Financial (FNF), discovered on Nov. 19 that an unauthorized third party had accessed some of its systems and acquired credentials and data.

While FNF says the incident was contained on Nov. 26, it’s been silent on reports that it was the target of a ransomware attack exploiting a software vulnerability in Netscaler, Citrix Bleed, that UK-based cybersecurity researcher Kevin Beaumont has called “the cybersecurity challenge of 2023.”

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter

More articles

Latest article