Mortgage giant Mr. Cooper is sending notification letters to 14.7 million individuals to inform them that their personal information was stolen in a recent cyberattack.
The incident was identified on October 31, resulting in certain systems being taken down, including those used for processing customer payments, the company announced in early November.
On December 15, Mr. Cooper started notifying customers that, between October 30 and November 1, the attackers had access to certain systems and exfiltrated files containing customer personal information.
“Based on our investigation to date, roughly 14.7 million homeowners, representing former and current customers and co-borrowers, had personal information contained in the files that were affected by this incident,” the company says in an incident notice.
In the notification letter sent to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office, Mr. Cooper says that the compromised personal information includes names, addresses, dates of birth, phone numbers, Social Security numbers, and bank account numbers.
On its website, the company clarifies that “a limited group of approximately 32,000 reverse mortgage customers’ bank account numbers were contained in the files that were affected by this incident.”
Mr. Cooper says it has fully restored the systems that were locked down following the attack, and that it is monitoring the dark web to see if the stolen data is being shared by the attackers.
The company says it has no evidence at this time that the stolen information was misused for fraud or identity theft, but it is providing identity protection and credit monitoring services to the impacted individuals and encourages them to enroll.
Mr. Cooper has not provided specific details on the type of cyberattack it has suffered, but taking systems offline is the typical response to a ransomware attack.
To date, however, SecurityWeek has not observed any ransomware gang taking responsibility for the incident.